Control Plane Policing (CoPP)


In this article, we will see how to configure Control Plane Policing, but first let's understand what the Control Plane and Policing are.

As we all know, every network device has three different planes: the Data Plane, the Control Plane, and the Management Plane.

Data Plane: Also called the User Plane; this is where all the user traffic passes through the device.

Control Plane: It is responsible for the traffic that is initiated to or from the device.

Management Plane: Configuration, management, and monitoring of the device are done through this plane.

Control Plane Policing

  • Used to protect the device's Route Processor (RP), which is responsible for route processing and distributing forwarding tables.
  • Protects the device from DoS attacks
  • Rate-limits traffic using QoS

So before jumping into the practical, we need to understand three important building blocks: Class-Map, Policy-Map, and Service-Policy.

To perform the policing, we need to configure all three of them.

  • Class-Map: Classifies network traffic based on Layer 3, 4 and 7 information.
  • Policy-Map: Defines the series of actions that need to be taken against the traffic matching a class map.
  • Service-Policy: Specifies where a policy map should be applied.

Control Plane Policing in 4 steps:

  1. Create an ACL to identify
  2. Create a class map to classify the traffic
  3. Create a Policy map to define the action taken against the traffic
  4. Create a Service Policy to enable policing on the Control Plane interface

Step 1: ACL Configuration
==========================================================================
R1>enable
R1#conf t
R1(config)#ip access-list extended 101
R1(config-ext-nacl)#permit icmp any any
R1(config-ext-nacl)#exit

Step 2: Class-map Configuration
==========================================================================
R1>enable
R1#conf t
R1(config)#class-map PING
R1(config-cmap)#match access-group 101
R1(config-cmap)#exit

Step 3: Policy-map Configuration
==========================================================================
R1>enable
R1#conf t
R1(config)#policy-map PING-POLICY
R1(config-pmap)#class PING
R1(config-pmap-c)#police 8000 conform-action transmit exceed-action drop
R1(config-pmap-c)#exit

Step 4: Service Policy on Control-plane Configuration
==========================================================================
R1>enable
R1#conf t
R1(config)#control-plane
R1(config-cp)#service-policy input PING-POLICY
R1(config-cp)#exit

Verification Command
=========================================================================
R1#sh policy-map control-plane
 Control Plane

  Service-policy input: PING-POLICY

    Class-map: PING (match-all)
      2005 packets, 228570 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: access-group 101
      police:
          cir 8000 bps, bc 1500 bytes
        conformed 1867 packets, 212838 bytes; actions:
          transmit
        exceeded 138 packets, 15732 bytes; actions:
          drop
        conformed 0000 bps, exceeded 0000 bps

    Class-map: class-default (match-any)
      36 packets, 14184 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: any
R1#end        

Ping Command Output from PC to Router

[Image: Ping Output]

Note: Here, each dot indicates that the ping traffic exceeded 8000 bits per second (the criterion defined on the router for drops).
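
To see why some pings get through and others are dropped, here is an added example (not part of the original article and not Cisco's implementation): a simplified token-bucket model of the policer, using the cir 8000 bps and bc 1500 bytes values from the verification output. The 114-byte packet size matches the bytes-per-packet ratio in that output; the function names, the ping intervals and the '!' character for a transmitted ping are assumptions made for the illustration.

```python
# Simplified single-rate, two-colour token-bucket policer (added illustration,
# not Cisco's implementation). CIR and Bc are taken from the show output above.
CIR_BPS = 8000    # "cir 8000 bps"
BC_BYTES = 1500   # "bc 1500 bytes"


def police(arrivals, cir_bps=CIR_BPS, bc_bytes=BC_BYTES):
    """Return 'transmit' or 'drop' for each (time_ms, size_bytes) arrival.

    Arrivals must be sorted by time. The bucket starts full, refills at
    cir_bps, never holds more than bc_bytes, and a packet conforms only if
    the bucket holds at least its full size in bytes.
    """
    tokens = float(bc_bytes)
    last_ms = None
    decisions = []
    for time_ms, size in arrivals:
        if last_ms is not None:
            refill = (time_ms - last_ms) * cir_bps / 8000.0  # bits/s -> bytes/ms
            tokens = min(bc_bytes, tokens + refill)
        last_ms = time_ms
        if size <= tokens:
            tokens -= size                # conform-action transmit
            decisions.append("transmit")
        else:
            decisions.append("drop")      # exceed-action drop
    return decisions


def ping_stream(count, interval_ms, size_bytes=114):
    """Constructed sample input: `count` equal-sized ICMP packets."""
    return [(i * interval_ms, size_bytes) for i in range(count)]


def render(decisions):
    """One character per ping: '!' = transmitted, '.' = dropped by the policer."""
    return "".join("!" if d == "transmit" else "." for d in decisions)


if __name__ == "__main__":
    slow = police(ping_stream(10, 1000))   # 1 ping/s, about 912 bps offered
    flood = police(ping_stream(100, 10))   # 100 pings/s, about 91,200 bps offered
    print("slow :", render(slow))
    print("flood:", render(flood))
    print("flood transmitted/dropped:", flood.count("transmit"), flood.count("drop"))
```

In the flood case the first 14 pings drain the initial 1500-byte burst, after which only about one ping in eleven conforms; the rest are dropped, while the one-per-second stream is never touched.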

