COPP cir값 수정하기

안녕하세요.

 

Nexus 9K 장비를 기준으로 COPP를 수정하는 방법에 대해 공식가이드 문서는 아래의 링크로 남기겠습니다.

 

가이드를 봤으나, 이해가 되지 않는 우리 초보자들에게는 콕짚어 어떻게 하는지를 알아야 이해하기 쉽겠죠 ^^

 

아래의 내용을 보시고 쉽게 이해가 되시길 바라겠습니다.

 

class-map copp-system-p-class-monitoring (match-any)

      match access-group name copp-system-p-acl-icmp

      match access-group name copp-system-p-acl-icmp6

      match access-group name copp-system-p-acl-traceroute

      set cos 1

      police cir 360 kbps , bc 128000 bytes <<< Police cir 값을 수정할겁니다.

      module 1 :

        transmitted 0 bytes;

        5-minute offered rate 0 bytes/sec

        conformed 0 peak-rate bytes/sec

 

        dropped 0 bytes;

        5-min violate rate 0 byte/sec

        violated 0 peak-rate byte/sec

 

1. Copy the default CoPP:

  

Switch# copp copy profile strict suffix TEST

The default CoPP policy-map name is "copp-policy-strict".

We copy this with the suffix "TEST", which is "copp-policy-strict-TEST"

  

2. Modify the CIR for the copied policy-map:

  

switch(config)# policy-map type control-plane copp-policy-strict-TEST

switch(config-pmap)# class copp-class-monitoring-TEST <<< This class-map match the icmp traffic

switch(config-pmap-c)# police cir **** Kbps <<< ex:) police cir 512 kbps

 

3.Apply the cop set on the control-plane

 

switch(config)# control-plane

switch(config-cp)# service-policy input copp-policy-strict-TEST

This operation can cause disruption of control traffic. Proceed (y/n)? [no] y

 

4. Check result

 

switch(config)# show policy-map interface control-plane class copp-class-monitoring-TEST

Control Plane

 

  Service-policy  input: copp-policy-strict-TEST

 

    class-map copp-class-monitoring-TEST (match-any)

      match access-group name copp-acl-icmp-TEST

      match access-group name copp-acl-icmp6-TEST

      match access-group name copp-acl-traceroute-TEST

      set cos 1

      police cir 512 kbps , bc 32000 bytes

      module 1 :

        transmitted 0 bytes;

        5-minute offered rate 0 bytes/sec

        conformed 0 peak-rate bytes/sec

 

        dropped 0 bytes;

        5-min violate rate 0 byte/sec

        violated 0 peak-rate byte/sec