Control-Plane Policy CPP for ISR Router

Apr 13th, 2010

I have been looking everywhere for some documentation on implementing CPP on the 2800 series routers.  I have the class-map and policy-map statements complete; however, I am not sure what bandwidth to use for the police statements.  The only documentation I can find is for 6500s.  Any ideas?

Thanks in advance

Giuseppe Larosa Tue, 04/13/2010 - 07:41

Hello Troy,

This is the difficult part of the job.

You can use an approach similar to the one presented for the C6500, and you can try to dimension the traffic volumes for the different protocols you use in your network.

You need to take into account not only steady-state operation (OSPF hellos, for example) but also what is needed for the learning/loading phase.

The idea is to protect the device from excessive traffic and messages, so feel free to multiply your calculations by two, for example.

Hope to help


lamav Tue, 04/13/2010 - 08:01


I sympathize with you. I've struggled with the same issue.

The right answer is that there are no particular numbers you should use because each situation is different and each environment has different traffic loads and behavior.

One has to really understand their network's traffic characteristics. For example, do you have technologies deployed that are process switched and cannot be CEF switched? If so, you need to account for that traffic when you apply the policing parameters. A good example of this is DHCP relay traffic under an interface that uses helper addresses. This traffic is process switched.

Moreover, the network's traffic load may spike during recovery after certain kinds of outages, so you have to take that into consideration, too.

The thing to do is to use very liberal numbers at first and leave them in place for a while. Examine the traffic load for each class and begin tuning the numbers from there. There are certain categories of traffic that are pretty safe to be aggressive with, such as fragments and ICMP on the control plane. Fragments should not exist (Data plane, yes. Control plane, no.) and ICMP should be very minimal. And if you have ICMP redirects and other such ICMP-related functions disabled, you can really be aggressive with the numbers.
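An added illustration of the tuning loop described in the two replies above (not part of the original thread and not Cisco code): it reads the per-class offered rate from several `show policy-map control-plane` captures, keeps the peak for each class, and proposes a starting police rate. The class names, the counters, the factor of two and the 8000 bps floor are assumptions made for the example.

```python
import re

# Constructed captures of `show policy-map control-plane` (trimmed to the
# lines used here): steady state first, then reconvergence after an outage.
# Class names and counters are invented for illustration.
SNAPSHOTS = [
    """Class-map: COPP-ROUTING (match-all)
  5 minute offered rate 12000 bps, drop rate 0 bps
Class-map: COPP-ICMP (match-all)
  5 minute offered rate 1000 bps, drop rate 0 bps
Class-map: COPP-FRAGMENTS (match-all)
  5 minute offered rate 0 bps, drop rate 0 bps
""",
    """Class-map: COPP-ROUTING (match-all)
  5 minute offered rate 45000 bps, drop rate 0 bps
Class-map: COPP-ICMP (match-all)
  5 minute offered rate 3000 bps, drop rate 0 bps
Class-map: COPP-FRAGMENTS (match-all)
  5 minute offered rate 0 bps, drop rate 0 bps
""",
]

CLASS_RE = re.compile(r"Class-map:\s+(\S+)")
RATE_RE = re.compile(r"offered rate (\d+) bps")


def peak_offered_rates(snapshots):
    """Return {class_name: highest offered rate in bps seen in any capture}."""
    peaks = {}
    for text in snapshots:
        current = None
        for line in text.splitlines():
            m = CLASS_RE.search(line)
            if m:
                current = m.group(1)
                continue
            m = RATE_RE.search(line)
            if m and current:
                peaks[current] = max(peaks.get(current, 0), int(m.group(1)))
    return peaks


def suggest_police_rates(peaks, headroom=2, floor_bps=8000):
    """Starting rate per class: peak * headroom, never below the assumed floor."""
    return {name: max(rate * headroom, floor_bps) for name, rate in peaks.items()}


if __name__ == "__main__":
    for name, bps in suggest_police_rates(peak_offered_rates(SNAPSHOTS)).items():
        print(f"{name}: police {bps} bps")
```

Captures taken only during steady state will understate the peak, so the input should include at least one reconvergence or reload window before the numbers are tightened.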



bennett.troy Tue, 04/13/2010 - 08:40

Thanks for the feedback.

I was hoping for some information on the speed of the actual control-plane, so I could carve out statements similar to applying QoS on a WAN link.  However, I know it isn't quite the same architecture.  We have policies in place for our 6500s, and I have added those rates to our lab 2800 routers.  I just wasn't sure if 6500s (sup720) can handle a higher load or not, or whether those figures would actually give too much buffer on the 2800 architecture.

Once again thanks for the replies

