6500 Sup 720 3B broadcast/multicast/unicast suppression - Data plane
We have a 6500 with Sup 720 3B. It is in truncated fabric mode. The requirement is that any Desktop/laptop/server that has been infected with any worms should not bring the vlan/network down.
The obvious solution would be to control broadcast/unicast/multicast packets. However, since the chassis has classical line cards, "storm control" and mls layer 2 rate limiters are not available. I am aware of the mls ARP policer. CoPP would be available for the control plane, i.e. for traffic meant for an IP on the RP.
My question is: what is the best solution to control traffic (multicast/unicast) at the data plane? For example, there is a user who is sending multicast packets to some random IP like 18.104.22.168 at full wire rate. How do we deal with this? I am assuming that CoPP cannot play any role here since 22.214.171.124 is not an IP that exists on the RP.
Is my understanding correct? I tried/tested the below configuration, but the CPU still goes up to 100%. Even if it works, by changing 1000000 in the policer to a smaller value, is the below the recommended method to control excess traffic at the data plane, for hosts/servers connected directly to the chassis?
access-list 2000 remark ACL_police_excess
access-list 2000 permit ip 192.168.202.0 0.0.0.255 any