Control Plane Packet Types
Different types of packets can reach the control plane:
Receive packets
Packets that have the destination address of a router. The destination address can be a Layer 2 address
(such as a router MAC address) or a Layer 3 address (such as the IP address of a router interface). These
packets include router updates and keepalive messages. Multicast packets also fall into this category
when they are sent to multicast addresses that a router uses.
Exception packets
Packets that need special handling by the supervisor module. For example, if a destination address is
not present in the Forwarding Information Base (FIB) and results in a miss, the supervisor module
sends an ICMP unreachable packet back to the sender. Another example is a packet with IP options
set.
The following exceptions are possible from line cards only:
• match exception ip option
• match exception ipv6 option
• match exception ttl-failure
The following exceptions are possible from fabric modules only:
• match exception ipv6 icmp unreachable
• match exception ip icmp unreachable
The following exceptions are possible from line cards and fabric modules:
• match exception mtu-failure
Redirected packets
Packets that are redirected to the supervisor module.
Glean packets
If a Layer 2 MAC address for a destination IP address is not present in the FIB, the supervisor module
receives the packet and sends an ARP request to the host.
All of these packet types can be used maliciously to attack the control plane and overwhelm the Cisco
NX-OS device. CoPP classifies these packets into different classes and provides a mechanism to individually
control the rate at which the supervisor module receives the packets in each class.
Classification for CoPP
For effective protection, the Cisco NX-OS device classifies the packets that reach the supervisor modules to
allow you to apply different rate controlling policies based on the type of the packet. For example, you might
want to be less strict with a protocol packet such as Hello messages but more strict with a packet that is sent
to the supervisor module because the IP option is set. You configure packet classifications and rate controlling
policies using class maps and policy maps.
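As an added illustration (not code from the Cisco guide, and not a description of how NX-OS implements CoPP), the following Python model shows why packets are classified first and each class is policed separately: a flood of IP-option packets exhausts only its own class, while routing hellos still reach the supervisor. The class names, rates, packet fields, and the one-second trace are all assumptions constructed for the example.

```python
# Added illustration: a toy model of CoPP classification and per-class policing.
# Class names and rates (packets per second) are assumptions, not Cisco defaults.
POLICY = {"routing": 200, "exception": 20, "glean": 50, "default": 10}

def classify(pkt):
    """Map a packet punted to the supervisor onto one policing class."""
    if pkt.get("ip_options") or pkt.get("ttl_failure") or pkt.get("mtu_failure"):
        return "exception"            # needs special handling by the supervisor
    if pkt.get("needs_arp"):
        return "glean"                # no Layer 2 MAC address known for the destination
    if pkt.get("to_router") and pkt.get("proto") in ("ospf", "bgp"):
        return "routing"              # receive packets: updates and keepalives
    return "default"

class Policer:
    """Token bucket: refills at rate_pps, holds at most one second of tokens."""
    def __init__(self, rate_pps):
        self.rate = rate_pps
        self.burst = rate_pps
        self.tokens = float(rate_pps)
        self.last = 0.0

    def allow(self, now):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True               # conform: delivered to the supervisor
        return False                  # violate: dropped before it reaches the CPU

def simulate(packets, policy=POLICY):
    """packets: list of (time_in_seconds, packet_dict), sorted by time."""
    policers = {name: Policer(rate) for name, rate in policy.items()}
    stats = {name: {"conform": 0, "violate": 0} for name in policy}
    for now, pkt in packets:
        cls = classify(pkt)
        stats[cls]["conform" if policers[cls].allow(now) else "violate"] += 1
    return stats

def sample_traffic():
    """Constructed one-second trace: 10 OSPF hellos inside 5000 IP-option packets."""
    flood = [(i / 5000, {"ip_options": True}) for i in range(5000)]
    hellos = [(i / 10, {"to_router": True, "proto": "ospf"}) for i in range(10)]
    return sorted(flood + hellos, key=lambda p: p[0])

if __name__ == "__main__":
    for name, counts in simulate(sample_traffic()).items():
        print(name, counts)
```

With a single shared policer instead of one per class, the same flood would consume the tokens the hellos need, which is the failure that per-class rate control avoids.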
Cisco Nexus 3600 NX-OS Security Configuration Guide, Release 7.x
Configuring Control Plane Policing
Control Plane Protection