本檔案介紹Nexus 5500控制平面保護(CoPP)類以及每個類所匹配的流量型別。
CoPP是通過NX-OS版本5.1(3)在Nexus 5500上引入的。 CoPP僅在Nexus 55xx上實施。在Nexus 50x0上不可用。
與Nexus 7000相比,Nexus 5500對CoPP的控制非常有限。無法完全刪除Nexus 5500 CoPP策略。使用者可以選擇三個預定義的策略,也可以建立自定義策略,因為無法從策略對映中刪除CoPP類。只能編輯承諾資訊速率(CIR)速率/突發大小。此外,不能定義新的CoPP類對映。
可能的CoPP策略對映包括:
策略對映名稱不言自明。四個策略中只有一個可以同時應用。刪除任何策略將自動應用預設策略。
只能編輯copp-system-policy-customized。如果嘗試編輯前三個策略,則會返回錯誤:
Switch(config)# policy-map type control-plane copp-system-policy-scaled-l2
ERROR: Only copp-system-policy-customized can be modified
Switch(config)#
所有類對映都使用Match Protocol語句。
類對映不會顯示在運行配置中。運行配置中顯示的唯一與CoPP相關的配置是非預設自定義策略對映配置。例如:
Switch# sh run copp
!Command: show running-config copp
!Time: Tue Apr 30 20:20:00 2013
version 5.2(1)N1(2)
logging level copp 4
policy-map type control-plane copp-system-policy-customized
class copp-system-class-arp
police cir 5000 kbps bc 3600000 bytes
class copp-system-class-default
police cir 2048 kbps bc 6400000 bytes
control-plane
service-policy input copp-system-policy-customized
Switch#
可以使用show class-map type control-plane或show policy-map interface control-plane檢查CoPP類對映。每條match語句旁邊都會提供說明:
Switch# show policy-map interface control-plane | i class-map|match class-map copp-system-class-igmp (match-any)
match protocol igmp --> Matches on IGMP IP protocol number (2)
class-map copp-system-class-pim-hello (match-any)
match protocol pim --> Matches on PIM IP protocol number (103)
class-map copp-system-class-bridging (match-any)
match protocol bridging --> Matches on STP BPDUs
class-map copp-system-class-arp (match-any)
match protocol arp --> Matches on ARP Ethertype (0x806)
class-map copp-system-class-dhcp (match-any)
match protocol dhcp --> Matches on DHCP UDP port number (67, 68)
class-map copp-system-class-mgmt (match-any)
match protocol mgmt. --> Matches on Telnet, SSH, HTTP, SNMP, FTP,
NTP using their well-known ports
class-map copp-system-class-lacp (match-any)
match protocol lacp --> Matches LACP BPDU address and Ethertype
(01-80-C2-00-00-02, 0?8809)
class-map copp-system-class-lldp (match-any)
match protocol lldp_dcx --> Matches on LLDP ethertype (0x88CC)
class-map copp-system-class-udld (match-any)
match protocol udld --> Matches on UDLD destination address
class-map copp-system-class-isis (match-any)
match protocol isis_dce --> Matches on ISIS Ethertype
class-map copp-system-class-msdp (match-any)
match protocol msdp --> Matches on MSDP TCP port (639)
class-map copp-system-class-cdp (match-any)
match protocol cdp --> Matches on CDP destination address 0100.0ccc.cccc
class-map copp-system-class-fip (match-any)
match protocol fip --> Matches on FIP ethertype (0x8914)
class-map copp-system-class-bgp (match-any)
match protocol bgp --> Matches on BGP TCP port number (179)
class-map copp-system-class-eigrp (match-any)
match protocol eigrp --> Matches on EIGRP IP Protocol number (88)
class-map copp-system-class-exception (match-any)
match protocol exception --> IP options, Martian packets (same src and dst addresses)
class-map copp-system-class-glean (match-any)
match protocol glean --> Matches on Adjacency lookup miss
class-map copp-system-class-hsrp-vrrp (match-any)
match protocol hsrp_vrrp --> Matches on HSRP & VRRP Destination IP
class-map copp-system-class-icmp-echo (match-any)
match protocol icmp_echo --> Matches on ICMP type for echo
class-map copp-system-class-ospf (match-any)
match protocol ospf --> Matches on OSPF IP Protocol number (89)
class-map copp-system-class-pim-register (match-any)
match protocol reg --> Matches on PIM register packets
class-map copp-system-class-rip (match-any)
match protocol rip --> Matches on RIP UDP Port (520)
class-map copp-system-class-l3dest-miss (match-any)
match protocol unicast --> Miss in UFIB Lookup
class-map copp-system-class-mcast-miss (match-any)
match protocol multicast --> Miss in MFIB Lookup
class-map copp-system-class-excp-ip-frag (match-any)
match protocol ip_frag --> Matches on MTU-exceeded traffic
class-map copp-system-class-excp-same-if (match-any)
match protocol same-if --> Matches traffic to be sent via same ingress interface
class-map copp-system-class-excp-ttl (match-any)
match protocol ttl --> Matches on TTL=0/1
class-map copp-system-class-default (match-any)
match protocol default --> Matches packets not matched by previous classes
Switch#
CoPP類對映在5.2版中已得到增強,以匹配對應的IPv6控制資料包:
class-map type control-plane match-any copp-system-class-arp
match protocol nd
class-map type control-plane match-any copp-system-class-eigrp
match protocol eigrp6
class-map type control-plane match-any copp-system-class-hsrp-vrrp
match protocol hsrp6
class-map type control-plane match-any copp-system-class-ospf
match protocol ospf3