Rate Controlling Mechanisms
Once the packets are classified, the Cisco NX-OS device has different mechanisms to control the rate at which
packets arrive at the supervisor module. Two mechanisms control the rate of traffic to the supervisor module.
One is called policing and the other is called rate limiting.
Using hardware policers, you can define separate actions for traffic that conforms to or violates certain
conditions. The actions can transmit the packet, mark down the packet, or drop the packet.
You can configure the following parameters for policing:
Committed information rate (CIR)
Desired bandwidth, specified as a bit rate or a percentage of the link rate.
Committed burst (BC)
Size of a traffic burst that can exceed the CIR within a given unit of time and not impact scheduling
In addition, you can set separate actions such as transmit or drop for conform and violate traffic.
For more information on policing parameters, see the Cisco Nexus 9000 Series NX-OS Quality of Service
Configuration Guide.
Dynamic and Static CoPP ACLs
CoPP access control lists (ACLs) are classified as either dynamic or static. Cisco Nexus 9300 and 9500 Series
and 3164Q, 31128PQ, 3232C, and 3264Q switches use only dynamic CoPP ACLs. Cisco Nexus 9200 Series
switches use both dynamic and static CoPP ACLs.
Dynamic CoPP ACLs work only for Forwarding Information Base (FIB)-based supervisor redirected packets,
and static CoPP ACLs work for ACL-based supervisor redirected packets. Dynamic CoPP ACLs are supported
for myIP and link-local multicast traffic, and static CoPP ACLs are supported for all other types of traffic.
Static CoPP ACLs are identified by a substring. Any ACL that has one of these substrings is categorized as
a static CoPP ACL.
•
MAC-based static CoPP ACL substrings:
◦
acl-mac-cdp-udld-vtp
◦
acl-mac-cfsoe
◦
acl-mac-dot1x
◦
acl-mac-l2-tunnel
◦
acl-mac-l3-isis
◦
acl-mac-lacp
◦
acl-mac-lldp
◦
acl-mac-sdp-srp
◦
acl-mac-stp
◦
acl-mac-undesirable
•
Protocol-based static CoPP ACL substrings:
Cisco Nexus 3600 NX-OS Security Configuration Guide, Release 7.x
112
Configuring Control Plane Policing
Control Plane Protection
To Next Page
Loading...
