Control-plane protection | software hardware counters

Hi everybody
Today I noticed something strange at work. I was looking at how we implemented a policy to drop ICMPs hitting our processor after certain constraints are met.
cisco#show running-config | begin control-plane
control-plane
service-policy input copp-aggregated
+++++++++++++++++++++++
Policy definition:
policy-map copp-aggregated
class cpp-icmp
   police cir 5000000 bc 93750 be 187500 conform-action transmit exceed-action drop violate-action drop
class-map match-all cpp-icmp
  match access-group name cpp-icmp
cisco#show ip access cpp-icmp
Extended IP access list cpp-icmp
    10 permit icmp any any (156222580 matches)
++++++++++++++++++++++++++++++
cisco#show policy-map control-plane
 Control Plane Interface
Service-policy input: copp-aggregated
Hardware Counters:
    class-map: cpp-icmp (match-all)
      Match: access-group name cpp-icmp
      police :
        5000000 bps 93000 limit 93000 extended limit
      Earl in slot 5 :
        5295068971 bytes
        5 minute offered rate 9528 bps
        aggregate-forwarded 5259145173 bytes action: transmit
        exceeded 35923798 bytes action: drop
        aggregate-forward 9936 bps exceed 0 bps
  Software Counters:
    Class-map: cpp-icmp (match-all)
      99672582 packets, 14936584392 bytes
      5 minute offered rate 11000 bps, drop rate 0 bps
      Match: access-group name cpp-icmp
      police:
          cir 5000000 bps, bc 93750 bytes, be 187500 bytes
        conformed 99672950 packets, 14936253164 bytes; action: transmit
        exceeded 289 packets, 422518 bytes; action: drop
        violated 0 packets, 0 bytes; action: drop
        conformed 13000 bps, exceed 0 bps, violate 0 bps
+++++++++++++++++++++++++++++++++++
I can see "software counters" just show the constraints defined under policy "copp-aggregated"; how did we end up with hardware counters?
Hardware counters show "5000000 bps 93000 limit 93000 extended limit", which we never defined anywhere.
I appreciate your help
Thanks

BTW, don't know why but the **** above should have read k - n - o - b.  Probably the decorum police checking in...
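
A small parser for the `show policy-map control-plane` output in the post above, added here as an example (it is not from the original thread or from Cisco). It lists the policer values that differ between the Software Counters section, which echoes the configured cir/bc/be, and the Hardware Counters section. Treating the hardware "limit" and "extended limit" as the counterparts of bc and be is an assumption of this example, and the function names are hypothetical.

```python
import re

# Excerpt of the `show policy-map control-plane` output quoted in the post above.
SAMPLE = """\
Hardware Counters:
    class-map: cpp-icmp (match-all)
      police :
        5000000 bps 93000 limit 93000 extended limit
        exceeded 35923798 bytes action: drop
  Software Counters:
    Class-map: cpp-icmp (match-all)
      police:
          cir 5000000 bps, bc 93750 bytes, be 187500 bytes
        conformed 99672950 packets, 14936253164 bytes; action: transmit
        exceeded 289 packets, 422518 bytes; action: drop
        violated 0 packets, 0 bytes; action: drop
"""

# Assumption of this example: hardware "limit"/"extended limit" are compared with bc/be.
POLICE = {"hardware": re.compile(r"(\d+) bps (\d+) limit (\d+) extended limit"),
          "software": re.compile(r"cir (\d+) bps, bc (\d+) bytes, be (\d+) bytes")}
COUNTER = re.compile(r"([\w-]+) (?:\d+ packets, )?(\d+) bytes;? action: (\w+)")
CLASS = re.compile(r"class-map: (\S+)", re.I)

def parse_copp(text):
    """Return {class: {"hardware": {...}, "software": {...}}} from the CLI text."""
    result, section, cls = {}, None, None
    for line in text.splitlines():
        s = line.strip()
        if s.lower() in ("hardware counters:", "software counters:"):
            section = s.split()[0].lower()
        elif m := CLASS.match(s):
            cls = m.group(1)
        elif section and cls:
            entry = result.setdefault(cls, {}).setdefault(section, {"dropped_bytes": 0})
            if m := POLICE[section].search(s):
                entry["rate_bps"], entry["burst"], entry["excess_burst"] = map(int, m.groups())
            elif (m := COUNTER.match(s)) and m.group(3) == "drop":
                entry["dropped_bytes"] += int(m.group(2))
    return result

def policer_mismatches(parsed):
    """List (class, field, configured, hardware) where the two sections disagree."""
    out = []
    for cls, sec in parsed.items():
        hw, sw = sec.get("hardware", {}), sec.get("software", {})
        for field in ("rate_bps", "burst", "excess_burst"):
            if field in hw and field in sw and hw[field] != sw[field]:
                out.append((cls, field, sw[field], hw[field]))
    return out
```

Calling `policer_mismatches(parse_copp(SAMPLE))` reports the burst and excess-burst differences the poster noticed; the same two functions accept the full command output pasted from a device.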

Similar Messages

  • Control plane protection

    Hi guys,
    I want to implement control plane protection for fragmented packets. As far as I know, if fragmented packets are traversing through the router then the service-policy will be applied at control-plane transit, but if fragmented packets are destined to the router itself then it will be applied at control-plane host. Correct me if I am wrong. Moreover, I want to know the difference between
    Control-plane
    Control-plane host
    Control-plane transit
    Control-plane cef

    Hi Bro
    What you’re doing is good. It’s always best to block the fragmented packets at the control-plane level, rather than via the normal ACL.
    In the basic/lower feature sets IOS versions, there is no breakdown in terms of control-plane. With the advanced/higher feature sets IOS versions, you have control-plane host, control-plane transit and control-plane cef. Your next question would be when do I apply them, in what given situations, am I right? Basically, in a nutshell, here goes
    a)    control-plane host handles packets destined for router itself e.g. management traffic (telnet/ssh/tacacs+/radius) and routing traffic.
    b)    control-plane transit works on IP based packets traversing through the router e.g. internet browsing, email etc.
    c)    control-plane cef focuses on non-IP packets e.g. CDP, ARP etc.
    With this in mind, you might wanna expand your knowledge in depth, by reading this Cisco document http://www.cisco.com/en/US/docs/ios/12_4t/12_4t4/htcpp.html
    P/S: if you think this comment is useful, please do rate them nicely :-) and click on the button THIS QUESTION IS ANSWERED.

  • Control Plane Protection (Policing) configuration on Catalyst 3850

    I need to block ICMP requests from being received by the switch. And there is no 'control-plane' configuration mode, which I was going to use for this.
    How can I configure this feature or apply another for my purpose?

    Greetings,
    How about on the 3725 router?
    A couple specific questions I have while configuring the portion for IGPs.
    Here are a couple of snips of example configurations I'm finding on the Internet that I have questions on.
    1. Cisco CoPP Best Practices
    access-list 120 permit ospf any
    access-list 120 permit ospf any host 224.0.0.5
    access-list 120 permit ospf any host 224.0.0.6
    2. Deploying Cisco Control Plane Policing
    ip access-list extended coppacl-igp
    remark CoPP IGP traffic class
    ! permit OSPF
    permit ospf any host 224.0.0.5
    permit ospf any host 224.0.0.6
    permit ospf any any
    3. RFC6192
      ip access-list extended OSPF
        permit ospf 192.0.2.0 0.0.0.255 any
    Questions - Which option is better?
    - Is the network specified in option #3, the network statement under the OSPF process, 
    or the actual network I'm routing?
    -  If option #1 is better, what is the "router receive block" mentioned?
    Thank you for your assistance!!
    Debbie

  • Control Plane Protection (CPPr) and Traffic Rates

    Hi Everybody,
    Currently I'm working on implementing policies according to CPPr, but a couple of questions come to my mind:
    1. Is there any standard to start policing the management traffic (SSH, SNMP, Telnet, etc.)?
    2. How can I identify the current rates for the management protocols in order to police them?
    I understand how the MQC works and for sure understand the CPPr options and benefits, but I cannot find a way to start using it in my network or tuning it for my needs.
    Kind Regards,
    Jose-Manuel Cortes 


  • What snmp OID to use to monitor control-plane of router

    Hi there!
    I've applied policy-maps on the control-plane, based on Cisco's recommendation.
    Now I need to know what SNMP OID I have to use to monitor them (I'm using Zabbix).
    Let me know.
    Regards!

    If you are using IOS which uses a policy-map to configure Control Plane Policing then you are asking in the wrong place as this forum is for IOS-XR not IOS but you can poll objects in the CISCO-CLASS-BASED-QOS-MIB::cbQosPoliceStatsTable (for example cbQosCMDropByte64, cbQosPoliceExceededByte64, cbQosPoliceConformedByte64).
    If you mean you have changed the LPTS policers to help protect the control-plane in IOS-XR then I believe there is currently no support for polling the counters via SNMP. See the section on monitoring in Xander's document https://supportforums.cisco.com/document/93456/asr9000xr-local-packet-transport-services-lpts-copp

  • Control plane policing

    Please, does anyone understand the difference between using a class-map of type queue-threshold and using a default class-map with queue-limit in the policy-map?
    class-map type queue-threshold match-all http-que
     match protocol http
    policy-map type queue-threshold http-que
     class http-que
      queue-limit 100
    class-map match-all http
     match access-group name http
    policy-map http
     class http
      bandwidth 100000
      queue-limit 100

    The type queue-limit will be matching http packets that are for the router management.
    If you set a queue-limit under a regular class-map you are matching http traffic that is routed through the traffic.
    In other words CPP queue limit protects the control-plane (router management) queue from getting full and DoS the router or locking someone out.
    Regular class-map is for traffic through the routers.
    I hope it helps.
    PK

  • Control Plane Policing (CoPP) for Data Center

    Hi All,
    I am planning to apply CoPP on different routers and switches of a Data Center. This Data Center comprises Cisco 6513 (VSS), Catalyst 3750, Cisco 3845 and Cisco 2811.
    My questions are:
    1. Do we have to apply CoPP on Catalyst 3750, as these are DMZ switches only?
    2. How to find the packet processing rate from router and switches?
    3. Any best practices CoPP template for routers running OSPF and BGP?
    Thanks and Regards,
    Ahmed.

    1. You would need to apply CoPP to all routers/switches that are manageable from untrusted sites. So even if you have non-DMZ switches that will be able to be telneted to from the outside for example, CoPPing them would be helpful for you.
    Do we not need to apply CoPP on switches and routers that are not telneted from outside?
    Control plane traffic is traffic that goes to the control plane of the router like management traffic, SNMP etc. If there is a firewall securing you from the outside I would feel my switches are more secure and it is not easy to bring them to their knees with an attacker doing too much from the outside. Control plane policing applies to all control plane traffic, but it is mostly against outsiders that someone would try to protect himself.
    2. "sh proc cpu" would give you some insight for processes like ssh or telnet and how much they take. Not control packet rate processing though.
    I want to know the maximum packet processing rate of a router or switch?
    I don't think you will be able to pull that number.
    3. Depends on how powerful the router is, how many commands you are running, how much route processing is going on.
    Best practice for a router running OSPF with 200 routes?
    Don't know of any.
    PK
