CoPP parameters
Control-Plane Policing
CoPP (Control-Plane Policing) is a management level policy.
The CoPP bandwidth threshold values for EcoBNG are shown in the table below.
Protocol | Packets per second |
---|---|
Incoming ARP | 128 |
Incoming BGP | 512 |
Incoming DHCP-Discovery | 1024 |
Incoming DHCP-Other | 1024 |
Incoming ICMP | 1024 |
Incoming IS-IS | 512 |
Incoming LDP | 512 |
Incoming Multicast-IGMP | 128 |
Incoming Multicast-Other | 4096 |
Incoming Multicast-PIM | 512 |
Incoming non-IP | 256 |
Incoming OSPF | 512 |
Incoming Other | 8192 |
Incoming SNMP | 128 |
Incoming SSH | 512 |
Outgoing ICMP | 1024 |
Outgoing Other | 1024 |
In EcoBNG, the user can restrict the bandwidth of control-plane (CP) traffic for the protocols listed in the table above. Protection against DoS and DDoS attacks can be configured on interfaces and ports, as well as globally for the CP of the device. The CP context configuration mode is entered with the control-plane command in configuration mode. Protection can be configured in several modes (on different elements of the device) at the same time. The bandwidth limitation commands (in packets per second) for the different protocols are shown in the table below.
Command | Modes | Description |
---|---|---|
rate-limit dhcp-discovery <0-262144> | (config-cp), (config-port), (config-port-channel), (config-int) | Total bandwidth limitation for DHCP discover messages from all subscribers |
rate-limit dhcp-other <0-4096> | (config-cp) | Total input bandwidth limitation for all DHCP messages from all clients |
rate-limit dhcp-discovery per-interface <0-262144> | (config-int) | Total bandwidth limitation for DHCP discover messages from one interface |
rate-limit dhcp-discovery per-subscriber <0-15> | (config-int) | Total bandwidth limitation for DHCP discover messages from one subscriber |
rate-limit arp <0-524288> | (config-cp), (config-port), (config-port-channel), (config-int) | Total bandwidth limitation for ARP request messages from all clients |
rate-limit arp per-interface <0-524288> | (config-int) | Total bandwidth limitation for ARP request messages from one interface |
rate-limit arp per-subscriber <0-524288> | (config-int) | Total bandwidth limitation for ARP request messages from one client |
rate-limit bgp <0-4096> | (config-cp) | Total input bandwidth limitation for BGP traffic |
rate-limit icmp <0-2048> (in\|out) | (config-cp) | Total bandwidth limitation for ICMP traffic in various directions |
rate-limit isis <0-4096> | (config-cp) | Total input bandwidth limitation for IS-IS traffic |
rate-limit ldp <0-4096> | (config-cp) | Total input bandwidth limitation for LDP traffic |
rate-limit multicast-igmp <0-262144> | (config-cp) | Total input bandwidth limitation for IGMP traffic |
rate-limit multicast-other <0-262144> | (config-cp) | Total input bandwidth limitation for multicast traffic |
rate-limit multicast-pim <0-262144> | (config-cp) | Total input bandwidth limitation for PIM traffic |
rate-limit non-ip <0-4096> | (config-cp) | Total input bandwidth limitation for any non-IP traffic from all clients |
rate-limit ospf <0-4096> | (config-cp) | Total input bandwidth limitation for OSPF traffic |
rate-limit other <0-524288> (in\|out) | (config-cp) | Total bandwidth limitation for unicast traffic in various directions |
rate-limit snmp <0-512> | (config-cp) | Total input bandwidth limitation for SNMP traffic |
rate-limit ssh <0-2048> | (config-cp) | Total input bandwidth limitation for SSH traffic |
If ARP or DHCP traffic from one MAC address exceeds the rate limit, suspicious traffic from that subscriber is blocked for 30 seconds.
Show commands
In administration mode, use the show counters copp command to display the current status of the CoPP counters.

```
ecorouter#show counters copp
Received
---------------------------------------------------------------------------------------
            rate limit     packets         bytes   dropped
---------------------------------------------------------------------------------------
OSPF               512      182483      12718584         0
ISIS               512           0             0         0
LDP                512          42          2058         0
ARP               2048           2            92         0
IGMP               128      689758      31887634         0
PIM                512       45491       2638478         0
SNMP               128       45326       3550662         0
SSH               4096      213469      46415291       849
ICMP              1024       25399       5731432         0
BGP                512          81          4046         0
DHCP              1024        3399       1165613         0
DHCP DISC         1024         322        110891         0
MCAST             4096     3693916     946661169         0
L2                 256      109178       5022188         0
Other             8192      705552      36033915         0
Transmitted
---------------------------------------------------------------------------------------
            rate limit     packets         bytes   dropped
---------------------------------------------------------------------------------------
ICMP              1024    34622545    1938862520     29433
Other             8192     2864904     125315112         0
```
The output shows the number of incoming and outgoing packets, the number of incoming and outgoing bytes, and the number of packets dropped because the bandwidth threshold was exceeded.
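For monitoring, the dropped column is the one to watch: a non-zero value means a class is hitting its limit. The following script is an added example, not part of the EcoRouter documentation; it parses the output format shown above and lists the policed classes. The function names `parse_copp` and `policed` are hypothetical, and the ratio it reports is simply dropped divided by packets, since the page does not state whether the packets counter includes drops.

```python
import re

# Excerpt of the `show counters copp` output shown above, columns flattened to single spaces.
SAMPLE = """\
Received
rate limit packets bytes dropped
SSH 4096 213469 46415291 849
DHCP DISC 1024 322 110891 0
L2 256 109178 5022188 0
Transmitted
rate limit packets bytes dropped
ICMP 1024 34622545 1938862520 29433
Other 8192 2864904 125315112 0
"""

# Class name (may contain a space or a digit: "DHCP DISC", "L2") followed by four integers.
ROW = re.compile(r"^(?P<name>[A-Za-z][\w ]*?)\s+(?P<limit>\d+)\s+(?P<packets>\d+)"
                 r"\s+(?P<bytes>\d+)\s+(?P<dropped>\d+)$")

def parse_copp(text):
    """Return one dict per traffic class, tagged with its direction section."""
    rows, direction = [], None
    for line in text.splitlines():
        line = line.strip()
        if line in ("Received", "Transmitted"):
            direction = line
            continue
        m = ROW.match(line)  # header and separator lines carry no integers, so they are skipped
        if m and direction:
            row = {k: int(v) for k, v in m.groupdict().items() if k != "name"}
            row.update(name=m["name"].strip(), direction=direction)
            rows.append(row)
    return rows

def policed(rows):
    """Classes with drops, highest dropped/packets ratio first."""
    hits = [dict(r, drop_pct=round(100 * r["dropped"] / r["packets"], 3))
            for r in rows if r["dropped"] > 0 and r["packets"] > 0]
    return sorted(hits, key=lambda r: r["drop_pct"], reverse=True)

if __name__ == "__main__":
    for r in policed(parse_copp(SAMPLE)):
        print(f'{r["direction"]:<12}{r["name"]:<10} limit={r["limit"]} pps '
              f'dropped={r["dropped"]} ({r["drop_pct"]}% of packets)')
```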
Use the command clear counters copp to clear current counter values.
```
ecorouter(config)#clear counters copp
```