Implementing Hardware-Based CoPP
Hardware-based CoPP uses the underlying hardware ASICs on the platform to rate-limit or
drop the unwanted traffic. Because this is tied to the actual ASICs on the switch, the
implementation differs on each platform.
Configuring Hardware-Based CoPP on the Catalyst 6500
The Cisco Catalyst 6500 switch with the Sup720/Sup32 supervisor engines offers
predefined hardware rate limiters and supports hardware-based CoPP in conjunction with
software-based CoPP. Hardware-based CoPP is implemented on the supervisor line card
and on line cards that support distributed forwarding.
When a packet is destined for the control plane, it is first checked against the hardware rate
limiters. If it matches one of those, it is limited to the configured rate, and hardware-based
CoPP is not performed on the line card. If it does not match the hardware rate limiters, it is
compared against the hardware CoPP policy and rate-limited on the line card into which it
entered the switch.
Finally, the packet is again subjected to the CoPP policy (but now in software mode),
because even though it has already been policed on the line card, it might not comply with
the aggregated packet flow from all the line cards.
NOTE Because of how hardware-based CoPP is implemented on the Catalyst 6500 Sup720/Sup32
supervisors, a packet matching one of the hardware rate limiters bypasses the hardware-based
CoPP policy on the switch. The CoPP, however, processes it in software mode. This
means that you can either use hardware-based limiters or hardware-based CoPP for specific
traffic, but not both.
Figure 13-3 shows how flows are first rate-limited in hardware mode on each line card and
then subjected to software-based CoPP.
Figure 13-3 Cisco Catalyst 6500 CoPP Support
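The two-stage path described above can be modeled in a few lines. This is an added example, not code from the original text or from Cisco; the token-bucket behavior, the names Policer and punt_path, and all rates are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Policer:
    """Token bucket counted in packets (simplified model, not the PFC/DFC logic)."""
    pps: int      # sustained rate, packets per second
    burst: int    # bucket depth, packets
    tokens: float = field(init=False)

    def __post_init__(self):
        self.tokens = self.burst  # bucket starts full

    def offer(self, packets, dt):
        """Refill for dt seconds, then return how many of `packets` conform."""
        self.tokens = min(self.burst, self.tokens + self.pps * dt)
        passed = min(packets, int(self.tokens))
        self.tokens -= passed
        return passed

def punt_path(offered_pps, line_cards, limiter, hw_copp, sw_copp,
              matches_limiter, seconds=10, tick=0.01):
    """Return (packets leaving all line cards, packets reaching the CPU).

    limiter / hw_copp / sw_copp are (pps, burst) tuples. A class that matches a
    hardware rate limiter is policed by it and skips hardware CoPP on the card;
    every class is then policed again, in aggregate, by software CoPP.
    """
    stage = limiter if matches_limiter else hw_copp
    cards = [Policer(*stage) for _ in range(line_cards)]  # one per line card
    central = Policer(*sw_copp)                           # software CoPP
    per_tick = round(offered_pps * tick)  # packets offered to each card per tick
    after_hw = after_sw = 0
    for _ in range(round(seconds / tick)):
        aggregate = sum(card.offer(per_tick, tick) for card in cards)
        after_hw += aggregate
        after_sw += central.offer(aggregate, tick)
    return after_hw, after_sw
```

With four line cards each policing a 1000-pps flood to 100 pps, roughly four times the configured rate leaves the line cards, and only the centralized software stage brings the aggregate back to 100 pps.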
Hardware Rate Limiters
The hardware rate limiters are primarily used to control traffic where an ACL cannot be
used. Examples of this are IP options, Time to Live (TTL), and maximum transmission unit
(MTU) failures, and other special cases.
It is possible to specify up to 32 different rate limiters, but some of them share one of the
physical rate limiters. Ten physical rate limiters are available, 2*[Layer 2] and 8*[General/
Unicast/Multicast]. To see which hardware rate limiters are active, use the command shown
in Example 13-1.
[Figure 13-3: Traffic to the CPU passes through hardware control plane policing on each
line card and then through software control plane policing at the CPU. Each line card
implements hardware rate limiters or the hardware CoPP policy independently. The
aggregated traffic from the line cards is treated again by centralized software CoPP. The
aggregate traffic can be N times larger than the configured rate limit, where N is the
number of distributed line cards.]
Example 13-1 Displaying Default Hardware Rate-Limiter Values
c6500#sh mls rate-limit
 Sharing Codes: S - static, D - dynamic
 Codes dynamic sharing: H - owner (head) of the group, g - guest of the group
     Rate Limiter Type   Status       Packets/s   Burst  Sharing
 ---------------------   ----------   ---------   -----  -------
         MCAST NON RPF   Off                  -       -  -
        MCAST DFLT ADJ   On              100000     100  Not sharing
      MCAST DIRECT CON   Off                  -       -  -
        ACL BRIDGED IN   Off                  -       -  -
       ACL BRIDGED OUT   Off                  -       -  -
           IP FEATURES   Off                  -       -  -
          ACL VACL LOG   Off                  -       -  -
           CEF RECEIVE   Off                  -       -  -
             CEF GLEAN   Off                  -       -  -
      MCAST PARTIAL SC   On              100000     100  Not sharing
        IP RPF FAILURE   On               10000      10  Group:0 S
           TTL FAILURE   Off                  -       -  -
 ICMP UNREAC. NO-ROUTE   On               10000      10  Group:0 S
 ICMP UNREAC. ACL-DROP   On                   0       0  -
         ICMP REDIRECT   Off                  -       -  -
           MTU FAILURE   Off                  -       -  -
       MCAST IP OPTION   Off                  -       -  -
       UCAST IP OPTION   Off                  -       -  -
           LAYER_2 PDU   Off                  -       -  -
            LAYER_2 PT   Off                  -       -  -
             IP ERRORS   On               10000      10  Group:0 S
           CAPTURE PKT   Off                  -       -  -
            MCAST IGMP   Off                  -       -  -
 MCAST IPv6 DIRECT CON   Off                  -       -  -
 MCAST IPv6 ROUTE CNTL   Off                  -       -  -
 MCAST IPv6 *G M BRIDG   Off                  -       -  -
  MCAST IPv6 SG BRIDGE   Off                  -       -  -
  MCAST IPv6 DFLT DROP   Off                  -       -  -
 MCAST IPv6 SECOND. DR   Off                  -       -  -
  MCAST IPv6 *G BRIDGE   Off                  -       -  -
        MCAST IPv6 MLD   Off                  -       -  -
  IP ADMIS. ON L2 PORT   Off                  -       -  -
To change the values of these rate limiters, use the mls rate-limit command. For example,
to limit the number of packets per second that would be dropped because of TTL expiry,
use the following command:
C6500(config)#mls rate-limit all ttl-failure 10
The mls rate-limit command sets the allowed packets per second (pps) rate to 10, but it
also sets the burst rate to 10 pps. You can manually change the burst rate by
specifying an optional parameter after the initial pps value.
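When reviewing a switch, the output of Example 13-1 is easier to audit once parsed. The following is an added example, not from the original text: it runs on a constructed subset of that output, and the WATCH list (the table rows assumed to correspond to the TTL, MTU and IP options cases named above) and the function names are assumptions.

```python
import re

# Constructed sample: a subset of the Example 13-1 output, embedded for offline use.
SAMPLE = """\
     Rate Limiter Type   Status       Packets/s   Burst  Sharing
 ---------------------   ----------   ---------   -----  -------
        MCAST DFLT ADJ   On              100000     100  Not sharing
        IP RPF FAILURE   On               10000      10  Group:0 S
           TTL FAILURE   Off                  -       -  -
 ICMP UNREAC. NO-ROUTE   On               10000      10  Group:0 S
 ICMP UNREAC. ACL-DROP   On                   0       0  -
           MTU FAILURE   Off                  -       -  -
       UCAST IP OPTION   Off                  -       -  -
             IP ERRORS   On               10000      10  Group:0 S
  IP ADMIS. ON L2 PORT   Off                  -       -  -
"""

ROW = re.compile(r"^\s*(?P<name>.+?)\s+(?P<status>On|Off)\s+(?P<pps>\d+|-)"
                 r"\s+(?P<burst>\d+|-)\s+(?P<sharing>.+?)\s*$")

# Assumed watch list: rows for the cases the text says an ACL cannot cover.
WATCH = ("TTL FAILURE", "MTU FAILURE", "MCAST IP OPTION", "UCAST IP OPTION")

def parse_rate_limiters(text):
    """Return {name: {"on", "pps", "burst", "sharing"}} for every table row."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, separator, legend or prompt line
        num = lambda v: None if v == "-" else int(v)
        table[m["name"]] = {"on": m["status"] == "On", "pps": num(m["pps"]),
                            "burst": num(m["burst"]), "sharing": m["sharing"]}
    return table

def audit(table):
    """Summarize what a reviewer would check in the limiter table."""
    on = {n: r for n, r in table.items() if r["on"]}
    groups = {}
    for name, row in on.items():
        g = re.match(r"Group:(\d+)", row["sharing"])
        if g:  # limiters in the same group share one physical rate limiter
            groups.setdefault(int(g.group(1)), []).append(name)
    return {
        "enabled": sorted(on),
        "watch_disabled": [n for n in WATCH if n in table and not table[n]["on"]],
        "zero_rate": sorted(n for n, r in on.items() if r["pps"] == 0),
        "shared_groups": groups,
    }
```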
Hardware-Based CoPP
When a CoPP policy is defined using Modular QoS CLI (MQC) on the 6500, it is, by
default, performed only in software mode on the central CPU. However, if multilayer
switching (MLS) QoS features are enabled on the switch, hardware-based CoPP is enabled
on the central policy feature card (PFC) and on any line cards that support distributed
forwarding (DFC capability). The command to globally enable MLS QoS is as follows:
c6500(config)#mls qos
To view the status of MLS QoS on the switch, look at Example 13-2.
Example 13-2 Displaying MLS QoS Status (IOS 12.2(18)SXF)
C6500#sh mls qos
QoS is enabled globally
QoS ip packet dscp rewrite enabled globally
Input mode for GRE Tunnel is Pipe mode
Input mode for MPLS is Pipe mode
Vlan or Portchannel(Multi-Earl) policies supported: Yes
Egress policies supported: Yes
----- Module [5] -----
QoS global counters:
Total packets: 743500
IP shortcut packets: 0
Packets dropped by policing: 740409
IP packets with TOS changed by policing: 24
IP packets with COS changed by policing: 0
Non-IP packets with COS changed by policing: 0
MPLS packets with EXP changed by policing: 0
To configure a CoPP policy, use the guidelines explained in the section, “Configuring
Software-Based CoPP.”