- Blue, 1500 points or more
I have a 7600 with dual RSP720s.
I want to deploy a CoPP policy.
1.) Should the destination address of the ACLs that classify the traffic be the address of the MSFC? In this case, what I mean by the MSFC is the mangment IP address of the RSP720 module. if not, which address am I trying to protect?
This is the applicable RSP config of the router:
description Mgmt Interface - RSP720 Engine Slot 5
ip address 10.41.248.3 255.255.255.0
sorry I didn't want to mean you hadn't looked at documentation!
As Istavan suggests you have the freedom to choice how much tight is the control you perform.
Just one hint about SNMP and other management protocols:
in a modular chassis like this inter modules communication may happen with IP packets usually using loopback addresses like 127.0.0.x.
First time we enabled receive ACL on a GSR we were able to isolate the GRP and the linecard modules on the same chassis!
I don't know if CoPP is smarter under this aspect.
However, I think you need to provide for the SSO communication between the two supervisors putting it on critical traffic unless it uses some form of out of band communication
Hope to help
It's not mandatory to configure a specific destination address for each type of traffic.
You can define the type of traffic with generalized source and destination, in case of BGP for example:
permit tcp any any eq bgp
permit tcp any eq bgp any
and so on.
If you define very specific ip host addresses in the ROUTING_TRAFFIC ACL then CRITICAL_TRAFFIC policing will be applied to those flows only.
Other possible BGP flows that are not included in the ROUTING_TRAFFIC ACL will then be classifed by the GENERAL_TRAFFIC ACL, and will be policed accordingly.