OcNOS-SP : System Management Guide : System Management Configuration Guide : Control Plane Policing Configuration
Control Plane Policing Configuration
Control plane policing (CoPP) manages the traffic flow destined to the host router CPU for control plane processing. CoPP limits the traffic forwarded to the host CPU and avoids impact on system performance.
1. CoPP has organized handling of control packets by providing per-protocol hardware CPU queues. So, control packets are queued in different CPU queues based on protocol.
2. Per-protocol CPU queue rate limits and buffer allocations are programmed during router initialization, thus every CPU queue is rate-limited to a default stable and balanced behavior across protocols.
3. When control packets received at higher rate than the programmed rate, the excess traffic is dropped at queue level in the packet processor hardware itself.
4. OcNOS does not support per-queue rate modification and usage monitoring.
5. All CPU queues are pre-programmed with default rate limits and buffer allocations to ensure a default stable and balanced behavior across protocols.
6. Rate limits are in terms of kbps. Hardware does not support PPS (packets per second).
7. Qumran (MX, AX, and UX) supports per-queue rate shaping configuration within a range of 469 kbps to 483 gbps. The granularity is 469 kbps for low range and 1.56% for higher range.
.
Table 29-1: Default CPU queues 
Default queues
Default rate In kbps
Maximum configurable rate in kbps
Default queue length
In kbytes
Description
CPU0.q0
900
900
1024
 
 
 
 
 
 
 
 
Unclassified protocols and unknown or destination lookup failure packets are redirected to default CPU queues 0-7 based on packet's cos/dscp values.
 
SSH, TELNET and SNMP traffic destined to host router CPU is remarked to CPU0.q6.
 
SSH: TCP Source/Destination port 22
TELNET: TCP Source/Destination port 23
SNMP: UDP Source/Destination port 161/162
CPU0.q1
900
900
1024
CPU0.q2
900
900
1024
CPU0.q3
900
900
1024
CPU0.q4
900
900
1024
CPU0.q5
900
900
1024
CPU0.q6
900
900
1024
CPU0.q7
900
900
1024
CPU1.q0
900
900
1024
CPU1.q1
900
900
1024
CPU1.q2
900
900
1024
CPU1.q3
900
900
1024
CPU1.q4
900
900
1024
CPU1.q5
900
900
1024
CPU1.q6
900
900
1024
CPU1.q7
900
900
1024
*cpu1 is valid only for QMX
 
Table 29-2: Per protocol CPU queues 
Protocol queues
Defaultrate In kbps
Maximum configurable Rate in kbps
Default queue length
In kbytes
Description
IGMP
1000
1000
2048
Internet Group Management Protocol packets (IP protocol 2)
ISIS/ESIS
8000
8000
1024
ISIS (DMAC 0180:C200:0014/0015)
ESIS (DMAC 0900:2B00:0004/0005)
Note: ESIS = End System-to-Intermediate System (ISIS point-to-point case)
Reserved Mcast
8000
8000
2048
Reserved IPv4 and IPv6 Multicast packets
IPv4: Local Network Control Block (224.0.0.0 - 224.0.0.255 (224.0.0/24))
IPv6: Link-Local Scope Multicast Addresses (FF02::/8)
IPv6 Link Local
1000
1000
1024
IPv6 link local packets
DIPv6: FE80::/8
ospf
8000
8000
1024
OSPF unicast packets (IP protocol 89)
bgp
8000
8000
1024
BGP packets
TCP source/destination port number: 179
rsvp/ldp
2000
2000
1024
RSVP and LDP packets
RSVP: IP protocol 46
LDP: L4 source/destination port number:646
vrrp/rip/dhcp
8000
8000
1024
VRRP packets: IP protocol number 112
RIP packets: UDP source and destination port number: 520
RIPNG packets: UDP source and destination port number: 521
DHCP: DHCP v4/v6 server packets, DHCP v4/v6 client packets (L4 source/destination port number: 67 or 68)
pim
1000
1000
1024
Protocol Independent Multicast packets: IP protocol number 103
icmp
1000
1000
1024
ICMP packets: IP protocol number 1
Unicast ICMPv6 packets: IP next header number 58
arp
1000
1000
1024
ARP packets. Ether-type 0x0806
bpdu
1000
1000
1024
xSTP: DMAC 0180:C200:0000
Provider Bridging: 0180:C200:0008
LACP: DMAC 0180:C200:0002, ethertype:0x8809, subtype:1/2
AUTHD: DMAC 0180:C200:0003
LLDP: DMAC 0180:C200:000E
EFM: DMAC 0180:C200:0002, ethertype:0x8809, subtype:3
ELMI: DMAC 0180:C200:0007
SYNCE: DMAC 0180:C200:0002, ethertype:0x8809, subtype:0x0A
RPVST: DMAC 0100:0CCC:CCCD
L2TP: DMAC 0100:C2CD:CDD0/0104:DFCD:CDD0
G8032: DMAC 0119:A700:00XX
bfd
16384
16384
1024
BFD Single hop packets: UDP port 3784, TTL 255
BFD Multi hop packets: UDP port 4784
Micro BFD packets: UDP port 6784, TTL 255
sflow
1500
1500
1024
Ingress and Egress sampled packets
dsp
500
500
76800
L2 FDB events
vxlan
500
500
1024
ARP and ND cache queue for packets coming on VXLAN access ports.
nhop
400
400
1024
Inter VRF route leak unresolved data packets for ARP resolution.
icmp-redirect
1000
1000
256
Data packets to CPU for ICMP redirect packet generation.