Required by regulations to implement CoPP on our routers, I installed the following configuration on a C2811 router pair with integrated DSU/CSU cards connecting a point T1. STAC compression(software) is configured on the serial interfaces and the link is often congested.
>>ip access-list extended CoPP_CRITICAL
>>remark our control plane adjacencies are critical permit tcp
>>X.Y.10.0 0.0.0.255 eq tacacs any permit tcp X.Y.10.0 0.0.0.255
>>any eq 22 deny ip any any
>>
>>ip access-list extended CoPP_IMPORTANT permit udp host 128.38.10.240
>>any eq snmp permit udp host X.Y.10.241 any eq snmp permit udp host
>>X.Y..26.1 eq ntp any deny ip any any
>>
>>ip access-list extended CoPP_NORMAL
>>remark we will want to rate limit ICMP traffic permit icmp any any
>>echo permit icmp any any echo-reply permit icmp any any time-exceeded
>>permit icmp any any unreachable deny ip any any
>>
>>ip access-list extended CoPP_UNDESIRABLE remark other management plane
>>traffic that should not be received permit udp any any eq ntp permit
>>udp any any eq snmptrap permit tcp any any eq 22 permit tcp any any eq
>>23 remark other control plane traffic not configured on router deny ip
>>any any
>>
>>ip access-list extended CoPP_DEFAULT
>>permit ip any any
>>policy-map CONTROL_PLANE_POLICY
>>class CoPP_CRITICAL
>>police 512000 8000 conform-action transmit exceed-action transmit
>>class CoPP_IMPORTANT police 256000 4000 conform-action transmit
>>exceed-action drop class CoPP_NORMAL police 128000 2000 conform-action
>>transmit exceed-action drop class CoPP_UNDESIRABLE police 8000 1000
>>conform-action drop exceed-action drop class CoPP_DEFAULT police 64000
>>1000 conform-action transmit exceed-action drop
This configuration severely degraded the IP traffic flow and I had to remove it. Not having any practical experince with CoPP I'm looking for help and suggestions on how to best implement in this scenario. Thanks