CoPP 6500

Unanswered Question
Sep 17th, 2010
User Badges:

Hi:

Can anyone explain why I am not seeing any drops in the counters.


I sent 40000 icmp at 1200Bytes in roughly 70 sec. My CPU jumed to 10 % with or without CoPP.


Thanks






#############################################################################



Software Counters:

    Class-map: Normal (match-all)
      40000 packets, 49680000 bytes
      5 minute offered rate 1224000 bps, drop rate 0 bps
      Match: access-group 122
      police:
          cir 50000 bps, bc 1562 bytes, be 1562 bytes
        conformed 0 packets, 0 bytes; actions:
          transmit
        exceeded 0 packets, 0 bytes; actions:
          drop
        violated 0 packets, 0 bytes; actions:
          drop
        conformed 0 bps, exceed 0 bps, violate 0 bps


Hardware Counters:

    class-map: Normal (match-all)
      Match: access-group 122
      police :
        48000 bps 1000 limit 1000 extended limit
      Earl in slot 6 :
        0 bytes
        5 minute offered rate 0 bps
        aggregate-forwarded 0 bytes action: transmit
         
        exceeded 0 bytes action: drop
        aggregate-forward 0 bps exceed 0 bps


SNIP CONFIG:


mls qos

!
class-map match-all Catch-All-IP
  match access-group 124
class-map match-all Management
  match access-group 121
class-map match-all Normal
  match access-group 122
class-map match-all Undesirable
  match access-group 123
class-map match-all Routing
  match access-group 120
!
!
policy-map RTR_CoPP
  class Undesirable
   police 32000    conform-action drop     exceed-action drop     violate-action drop
  class Routing
   police 1000000 50000 50000    conform-action transmit     exceed-action transmit     violate-action transmit
  class Management
   police 100000 20000 20000    conform-action transmit     exceed-action drop     violate-action drop
  class Normal
   police 50000    conform-action transmit     exceed-action drop     violate-action drop
  class Catch-All-IP
   police 50000    conform-action transmit     exceed-action drop     violate-action drop
  class class-default
   police 32000    conform-action transmit     exceed-action transmit     violate-action transmit



access-list 120 permit tcp any gt 1024 172.28.220.0 0.0.0.255 eq bgp
access-list 120 permit tcp any eq bgp 172.28.220.0 0.0.0.255 gt 1024 established
access-list 120 permit tcp any gt 1024 172.28.220.0 0.0.0.255 eq 639
access-list 120 permit tcp any eq 639 172.28.220.0 0.0.0.255 gt 1024 established
access-list 120 permit tcp any 172.28.220.0 0.0.0.255 eq 646
access-list 120 permit udp any 172.28.220.0 0.0.0.255 eq 646
access-list 120 permit ospf any 172.28.220.0 0.0.0.255
access-list 120 permit ospf any host 224.0.0.5
access-list 120 permit ospf any host 224.0.0.6
access-list 120 permit eigrp any 172.28.220.0 0.0.0.255
access-list 120 permit eigrp any host 224.0.0.10
access-list 121 permit tcp 10.0.2.0 0.0.0.255 172.28.220.0 0.0.0.255 eq telnet
access-list 121 permit tcp 10.0.2.0 0.0.0.255 eq telnet 172.28.220.0 0.0.0.255 established
access-list 121 permit tcp 10.0.2.0 0.0.0.255 172.28.220.0 0.0.0.255 eq 22
access-list 121 permit tcp 10.0.2.0 0.0.0.255 eq 22 172.28.220.0 0.0.0.255 established
access-list 121 permit udp 10.0.2.0 0.0.0.255 172.28.220.0 0.0.0.255 eq snmp
access-list 121 permit tcp 10.0.2.0 0.0.0.255 172.28.220.0 0.0.0.255 eq www
access-list 121 permit udp 10.0.2.0 0.0.0.255 172.28.220.0 0.0.0.255 eq 443
access-list 121 permit tcp 10.0.2.0 0.0.0.255 172.28.220.0 0.0.0.255 eq ftp
access-list 121 permit tcp 10.0.2.0 0.0.0.255 172.28.220.0 0.0.0.255 eq ftp-data
access-list 121 permit udp 10.0.2.0 0.0.0.255 172.28.220.0 0.0.0.255 eq syslog
access-list 121 permit udp 10.0.3.0 0.0.0.255 eq domain 172.28.220.0 0.0.0.255
access-list 121 permit udp 10.0.4.0 0.0.0.255 172.28.220.0 0.0.0.255 eq ntp
access-list 122 permit icmp any 172.28.220.0 0.0.0.255 echo
access-list 122 permit icmp any 172.28.220.0 0.0.0.255 echo-reply
access-list 122 permit icmp any 172.28.220.0 0.0.0.255 ttl-exceeded
access-list 122 permit icmp any 172.28.220.0 0.0.0.255 packet-too-big
access-list 122 permit icmp any 172.28.220.0 0.0.0.255 port-unreachable
access-list 122 permit icmp any 172.28.220.0 0.0.0.255 unreachable
access-list 122 permit pim any any
access-list 122 permit udp any any eq pim-auto-rp
access-list 122 permit igmp any any
access-list 122 permit gre any any
access-list 123 permit icmp any any fragments
access-list 123 permit udp any any fragments
access-list 123 permit tcp any any fragments
access-list 123 permit ip any any fragments
access-list 123 permit udp any any eq 1434
access-list 123 permit tcp any any eq 639 rst
access-list 123 permit tcp any any eq bgp rst
access-list 124 permit tcp any any
access-list 124 permit udp any any
access-list 124 permit icmp any any
access-list 124 permit ip any any
!
control-plane
service-policy input RTR_CoPP


SW2#sh ver
Cisco IOS Software, s72033_rp Software (s72033_rp-IPBASE-M), Version 12.2(33)SXH3a, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Wed 24-Sep-08 07:00 by prod_rel_team

ROM: System Bootstrap, Version 12.2(17r)SX5, RELEASE SOFTWARE (fc1)

SW2 uptime is 4 hours, 33 minutes
Uptime for this control processor is 4 hours, 33 minutes
Time since SW2 switched to active is 4 hours, 32 minutes
System returned to ROM by reload at 12:49:06 UTC Fri Sep 17 2010 (SP by reload)
System image file is "sup-bootdisk:s72033-ipbase-mz.122-33.SXH3a.bin"
Last reload reason: Reload Command


cisco WS-C6509-V-E (R7000) processor (revision 1.0) with 983008K/65536K bytes of memory.
Processor board ID FOX113800ST
SR71000 CPU at 600Mhz, Implementation 0x504, Rev 1.2, 512KB L2 Cache
Last reset from s/w reset
2 Virtual Ethernet interfaces
51 Gigabit Ethernet interfaces
2 Ten Gigabit Ethernet interfaces
1917K bytes of non-volatile configuration memory.
8192K bytes of packet buffer memory.

65536K bytes of Flash internal SIMM (Sector size 512K).
Configuration register is 0x2102

SW2#sh module
Mod Ports Card Type                              Model              Serial No.
--- ----- -------------------------------------- ------------------ -----------
  6    5  Supervisor Engine 720 10GE (Active)    VS-S720-10G        SAL11380UY5
  9   48  CEF720 48 port 10/100/1000mb Ethernet  WS-X6748-GE-TX     SAL1227W785

Mod MAC addresses                       Hw    Fw           Sw           Status
--- ---------------------------------- ------ ------------ ------------ -------
  6  001d.45c2.cf2c to 001d.45c2.cf33   2.0   8.5(2)       12.2(33)SXH3 Ok
  9  0021.d8e7.9518 to 0021.d8e7.9547   3.0   12.2(18r)S1  12.2(33)SXH3 Ok

Mod  Sub-Module                  Model              Serial       Hw     Status
---- --------------------------- ------------------ ----------- ------- -------
  6  Policy Feature Card 3       VS-F6K-PFC3C       SAL11391MVF  1.0    Ok
  6  MSFC3 Daughterboard         VS-F6K-MSFC3       SAL11391PJW  1.0    Ok
  9  Centralized Forwarding Card WS-F6700-CFC       SAL1249BWY6  4.1    Ok

Mod  Online Diag Status
---- -------------------
  6  Pass
  9  Pass

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion