Solved: Control plane size in bps

gautamzone · ‎02-22-2010

Dear friends,

Are there any stats on the control-plane size for each platform?

I am specifically looking for the control-plane size (in bps) for 6509-E with Sup-720-3B.

The reason i need to know is that when i police traffic for important / normal classes, i need to know

how much percent of control plane i am reserving for them. I want to make sure that i dont make the police bps

very high for important / normal classes such that there is less room for critical and default traffic.

Thanks a lot

Gautam

Giuseppe Larosa · ‎02-22-2010

Hello Gautam,

if I've understood correctly you are configuring CoPP.

Consider also Denial of service protection that allows to define special case rate limiters of traffic towards the main CPU

see

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/copp.html

HW based rate limiters:

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/dos.html#wp1141067

Actually, the objective is to keep the cpu usage as low as possible. This may explain why a figure of control plane speed is not reported.

You should configure CoPP and HW rate so that STP BPDUs and all routing protocol messages are not dropped and telnet/SSH and SNMP can be performed.

Hope to help

Giuseppe

View solution in original post

Giuseppe Larosa · ‎02-22-2010

Hello Gautam,

if I've understood correctly you are configuring CoPP.

Consider also Denial of service protection that allows to define special case rate limiters of traffic towards the main CPU

see

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/copp.html

HW based rate limiters:

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/dos.html#wp1141067

Actually, the objective is to keep the cpu usage as low as possible. This may explain why a figure of control plane speed is not reported.

You should configure CoPP and HW rate so that STP BPDUs and all routing protocol messages are not dropped and telnet/SSH and SNMP can be performed.

Hope to help

Giuseppe

gautamzone · ‎02-23-2010

Dear guislar,

Thanks a lot for your kind response.

Can you please review my policy-map config alone (mainly the policing part) and tell me if these numbers are not exaggerated / overstated.

I know that CoPP is company specific but the only thing i want to check is that the policing numbers are not too big for control plane to handle.

policy-map control-plane-in

class cp-critical-in

class cp-important-in

police 1000000 conform-action transmit exceed-action transmit

class cp-normal-in

police 1000000 conform-action transmit exceed-action transmit

class cp-undesirable-in

police 32000 conform-action transmit exceed-action transmit

class cp-default-in

police 1000000 conform-action transmit exceed-action transmit

Also, i have a transmit for every action here.I will be changing the exceed-action to deny.

I have created an EEM script that runs every 3 mins to collect the output of show policy-map control-plane just to get a baseline.

Based on those outputs, i will fine tune further these policing numbers.

My other clarification is regarding the deny access-list for every class at the end. If i define a drop action for excess traffic (exceed-action drop), i hope that the deny access-list will not match that and be dropped!! Also, i hope that the deny access-list counters and not incrementing the 5 minute offered rate in the command show policy-map control-plane.

Thanks a lot again

Gautam