6500 Sup 720 3B broadcast/multicast/unicast suppression - Data plane

Hello!!,

We have a 6500 with Sup 720 3B. It is in truncated fabric mode. The requirement is that any Desktop/laptop/server that has been infected with any worms should not bring the vlan/network down.

The obvious solution would be to control broadcast/unicast/multicast packets. However since the chassis has classical line cards "storm control" and mls layer 2 rate limiters are not available. I am aware of the mls ARP policer. CoPP would be available for the control plane i.e for traffic meant for an IP on the RP.

My question is what is the best solution to control traffic (multicast/unicast) at the data plane. For example there is a user who is sending multicast packets to some random IP like 227.1.2.3 at full wire rate. How do we deal with this? I am assuming that CoPP cannot play any role here since 227.1.2.3 is not an IP that exists on the RP.

Is my understanding correct? I tried/tested the below configuration, but still CPU goes up to 100%. Even if it works, by changing 1000000 in the policer to a smaller value, is the below recommended method to control excess traffic at the data plane, for hosts/servers connected directly to the chassis?

mls qos
!
access-list 2000 remark ACL_police_excess
access-list 2000 permit ip 192.168.202.0 0.0.0.255 any
!
class-map match-all class_500
  match access-group 2000
!
policy-map VLAN_500_policy
  class class_500
     police aggregate POLICE_traffic_500
!
mls qos aggregate-policer POLICE_traffic_500 1000000 31250 31250 conform-action transmit exceed-action drop
!
int g2/3
 description TEST
 switchport
 switchport access vlan 500
 switchport mode access
 load-interval 30
 spanning-tree portfast
 service-policy input VLAN_500_policy

CORE#show policy-map interface g2/3

GigabitEthernet2/3

  Service-policy input: VLAN_500_policy

    class-map: class_500 (match-all)
      Match: access-group 2000
      police aggregate POLICE_traffic_500 :
        1000000 bps 31000 limit 31000 extended limit
      Earl in slot 5 :
        193242226 bytes
        30 second offered rate 31875256 bps
        aggregate-forwarded 1527456 bytes action: transmit
        exceeded 191714770 bytes action: drop <---
        aggregate-forward 102576 bps exceed 13277944 bps

    Class-map: class-default (match-any)
      0 packets, 0 bytes
      30 second offered rate 0 bps, drop rate 0 bps
      Match: any
        0 packets, 0 bytes
        30 second rate 0 bps

PC in vlan 500 generates rogue multicast/unicast traffic.

Any help would be greatly appreciated!!

PS - I am using a small application called "wsend.exe" (Microsoft application) to generate multicasts.

Regards.
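As an added illustration (not part of the original post, and not Cisco code), a small Python parser for the "show policy-map interface" counters shown above: it extracts the forwarded/exceeded byte counts per policed class and flags classes whose drop share indicates a host sustained above the aggregate policer. The sample text is constructed from the output in the post; the drop-ratio threshold is an assumed value.

```python
import re

# Constructed sample, copied from the "show policy-map interface" output in the post.
SAMPLE = """GigabitEthernet2/3

  Service-policy input: VLAN_500_policy

    class-map: class_500 (match-all)
      Match: access-group 2000
      police aggregate POLICE_traffic_500 :
        1000000 bps 31000 limit 31000 extended limit
      Earl in slot 5 :
        193242226 bytes
        30 second offered rate 31875256 bps
        aggregate-forwarded 1527456 bytes action: transmit
        exceeded 191714770 bytes action: drop
        aggregate-forward 102576 bps exceed 13277944 bps

    Class-map: class-default (match-any)
      0 packets, 0 bytes
      30 second offered rate 0 bps, drop rate 0 bps
      Match: any
"""


def parse_policer_stats(text):
    """Return {class_name: counters} for each class-map in the show output."""
    stats, current = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*[Cc]lass-map:\s+(\S+)", line)
        if m:                       # new class-map section starts
            current = m.group(1)
            stats[current] = {}
            continue
        if current is None:
            continue
        m = re.search(r"aggregate-forwarded\s+(\d+)\s+bytes", line)
        if m:
            stats[current]["forwarded_bytes"] = int(m.group(1))
        m = re.search(r"exceeded\s+(\d+)\s+bytes", line)
        if m:
            stats[current]["exceeded_bytes"] = int(m.group(1))
        m = re.search(r"aggregate-forward\s+(\d+)\s+bps\s+exceed\s+(\d+)\s+bps", line)
        if m:                       # "aggregate-forwarded ..." does not match: "ed" follows
            stats[current]["forward_bps"] = int(m.group(1))
            stats[current]["exceed_bps"] = int(m.group(2))
    return stats


def flag_storms(stats, drop_ratio=0.5):
    """Classes where exceeded bytes are >= drop_ratio of all offered bytes (assumed threshold)."""
    flagged = []
    for name, s in stats.items():
        fwd, exc = s.get("forwarded_bytes", 0), s.get("exceeded_bytes", 0)
        if fwd + exc and exc / (fwd + exc) >= drop_ratio:
            flagged.append((name, round(exc / (fwd + exc), 3)))
    return flagged
```

Run against the post's counters it reports class_500 with about 99% of offered bytes dropped, which is the signature of a single host pinned against the policer rather than normal traffic briefly bursting over it.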
