Published March 29, 2024 (author: )

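1.1 Using CoPP to protect the CPU

CoPP configuration is very similar to QoS policy configuration. First define ACLs that match the special packets, then create class-maps that match those ACLs, and finally create a copp-policy-map and set the rate at which traffic is allowed to reach the CPU. For that reason it is not described in further detail below.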

1.2 Configuration example

Steps for configuring a CoPP policy:

(1) Define the traffic types. The access-list configuration is as follows:

access-list 120 permit tcp any any fragments
access-list 121 permit tcp host 10.1.1.3 eq bgp host 10.1.1.1 gt 1024
access-list 122 permit udp host 10.2.2.3 host 10.1.1.1 eq ntp
access-list 123 permit icmp any any packet-too-big
access-list 124 permit udp any host 10.1.1.1 eq snmp
access-list 125 permit ip any any

(2) Classify by traffic type. The class-maps are defined as follows:

class-map copp-known-undesirable
 match access-group 120
class-map copp-critical
 match access-group 121
class-map copp-important
 match access-group 122
class-map copp-normal
 match access-group 123
class-map copp-reactive-undesirable
 match access-group 124
class-map copp-catch-all
 match access-group 125
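
The following consistency check is an added example, not part of the original page or of any vendor tooling. It parses the access-list and class-map lines from steps (1) and (2) and reports class-maps that reference an undefined ACL, ACLs that no class uses, and a "permit ip any any" class that is not defined last. It assumes classes are evaluated first-match in definition order, which the page does not state; the names parse and lint are illustrative.

```python
import re

# ACL and class-map lines copied from steps (1) and (2) of this page.
CONFIG = """\
access-list 120 permit tcp any any fragments
access-list 121 permit tcp host 10.1.1.3 eq bgp host 10.1.1.1 gt 1024
access-list 122 permit udp host 10.2.2.3 host 10.1.1.1 eq ntp
access-list 123 permit icmp any any packet-too-big
access-list 124 permit udp any host 10.1.1.1 eq snmp
access-list 125 permit ip any any
class-map copp-known-undesirable
 match access-group 120
class-map copp-critical
 match access-group 121
class-map copp-important
 match access-group 122
class-map copp-normal
 match access-group 123
class-map copp-reactive-undesirable
 match access-group 124
class-map copp-catch-all
 match access-group 125
"""

def parse(config):
    """Return ({acl number: [rules]}, {class-map name: [acl numbers]})."""
    acls, classes, current = {}, {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"access-list (\d+) (.+)", line):
            acls.setdefault(m.group(1), []).append(m.group(2))
        elif m := re.match(r"class-map (\S+)", line):
            current = classes.setdefault(m.group(1), [])
        elif (m := re.match(r"match access-group (\d+)", line)) and current is not None:
            current.append(m.group(1))
    return acls, classes

def lint(config):
    """List inconsistencies between the ACLs and the class-maps."""
    acls, classes = parse(config)
    used = {n for nums in classes.values() for n in nums}
    out = [f"{c}: ACL {n} is not defined"
           for c, nums in classes.items() for n in nums if n not in acls]
    out += [f"ACL {n}: not referenced by any class-map" for n in acls if n not in used]
    # Assumption: first-match in definition order, so a match-all class hides later ones.
    for name in list(classes)[:-1]:
        if any(r == "permit ip any any" for n in classes[name] for r in acls.get(n, [])):
            out.append(f"{name}: matches all IP traffic but is not the last class")
    return out

print(lint(CONFIG))  # the page's configuration produces no findings
```
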

(3) Define the CoPP policy to rate-limit each traffic class. The configuration is as follows: