Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Control Plane Policing

Hi,

How beneficial is CoPP in the context of device hardening?

What are the drawbacks of applying CoPP on an Internet Border Gateway.

Is CoPP approach analogous to IPTABLES INPUT/OUTPUT chains?

Thanks for your thoughts.

5 REPLIES

Re: Control Plane Policing

How beneficial is CoPP in the context of device hardening?

I never really thought of it as hardening, but now that you brought it up, it certainly makes sense that it is. I think it's pretty important, especially in places where you can't get console access.

What are the drawbacks of applying CoPP on an Internet Border Gateway.

I don't think anything...

Is CoPP approach analogous to IPTABLES INPUT/OUTPUT chains?

No. CoPP is QoS on the control plane (ie Telnet/SSH, ICMP, SNMP, IGP).

Here's a good link I found on CoPP. If you need a real world config of CoPP check the second link.

http://www.cisco.com/web/about/security/intelligence/coppwp_gs.html

http://tinyurl.com/5cmp2y

Hope that helps.

Community Member

Re: Control Plane Policing

What about the router resource utilization (CPU,etc)? Could there be any performance hits once CoPP is enabled?

Re: Control Plane Policing

Negligible. It, like QoS on the data plane, is only enacted during congestion.

Community Member

Re: Control Plane Policing

Hi Collin,

Have you deployed this already?

Based on your experience, any particular points one may have to focus on during implementation?

Many Thanks,

Re: Control Plane Policing

Yes I've deployed it. Be sure to test in the lab and make sure you get the protocols you need implemented. Unfortunately it's one of things you hope is configured correctly when things go wrong.

383
Views
5
Helpful
5
Replies
CreatePlease to create content