Table of Contents Link to heading
Control Plane Policing (CoPP) Link to heading
Info
CoPP protects the route processor (RP) or the control plane (CPU) of a router or
switch by rate-limiting and filtering traffic destined to the device itself.
Without CoPP:
- Excessive traffic โ CPU overload
- Control-plane DoS โ routing protocols fail
- SSH / SNMP / routing adjacency drops
CoPP prevents:
- DoS attacks
- CPU exhaustion
- Control-plane flooding
Control Plane Traffic Link to heading
Traffic destined to the router/switch itself:
| Class | Examples |
|---|---|
| Routing | OSPF, EIGRP, BGP |
| Management | SSH, SNMP |
| ICMP | Ping, traceroute |
| ARP | ARP requests |
| Default | Everything else |
Not applied to transit traffic passing through the device.
Configuration Link to heading
Traffic Classification Link to heading
Step 1 โ Define ACL (match traffic)
ip access-list extended COPP-OSPF
permit ospf any any
Step 2 โ Define Class Map
class-map match-all CMAP-OSPF
match access-group name COPP-OSPF
Traffic Treatment Link to heading
Step 3 โ Define Policy Map (rate-limit)
policy-map PMAP-COPP
class CMAP-OSPF
police 64000 conform-action transmit exceed-action drop
Apply Policy Link to heading
Step 4 โ Apply to Control Plane
control-plane
service-policy input PMAP-COPP
Verification Link to heading
show policy-map control-plane
show access-lists
show class-map