My tests showed me that OSPF matched on cef-exception

*Mar 1 01:51:20.383: %CP-6-IP: PERMIT 136.1.2.3 -> 224.0.0.5 ospf

Simple config:

policy-map type logging OSPF1
 class OSPF1
  log interval 500

Applied to both and hits increase on cef-exception

HOST:
Control plane host path counters :
  Feature                    Packets Processed/Dropped/Errors
  --------------------------------------------------------
  Control-plane Logging      0/0/0
  --------------------------------------------------------

CEF:
Control plane cef-exception path counters :
  Feature                    Packets Processed/Dropped/Errors
  --------------------------------------------------------
  Control-plane Logging      28/0/0
  --------------------------------------------------------

On Wed, May 18, 2011 at 2:14 PM, Bruno <[email protected]> wrote:
> That trap.
> No idea Kings. Curious as well.
>
> Did you lab this up? It may answer that for you
>
> On Wed, May 18, 2011 at 1:03 PM, Kingsley Charles <
> [email protected]> wrote:
>
>> If there is a task to drop OSPF packets, should we use control plane host
>> or cef-exception sub-interface?
>>
>> With regards
>> Kings
>>
>>
>> On Wed, May 18, 2011 at 8:56 PM, Kingsley Charles <
>> [email protected]> wrote:
>>
>>> Hi all
>>>
>>> One of the Control Plane Host subinterface's purposes is to control the
>>> incoming rate of routing protocol packets. EBGP directly connected peers
>>> and OSPF packets use a TTL of 1. Similarly, all packets to 224.0.0.1 (all
>>> systems multicast address) are sent with a TTL of 1.
>>>
>>> Hence it seems these packets will go to the CEF Exception sub-interface,
>>> not to the Host sub-interface. I observed OSPF falling into the CEF
>>> Exception sub-interface.
>>>
>>> Just wondering why Cisco has decided to push packets of TTL = 1 to
>>> CEF-exception sub-interface.
>>>
>>> Snippet from
>>> http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/ctrl_plane_prot_ps6441_TSD_Products_Configuration_Guide_Chapter.html
>>>
>>> *Control-plane host subinterface*. This interface receives all
>>> control-plane IP traffic that is directly destined for one of the router
>>> interfaces. Examples of control-plane host IP traffic include tunnel
>>> termination traffic, management traffic or routing protocols such as
>>> SSH, SNMP, BGP, OSPF, and EIGRP. All host traffic terminates on and is
>>> processed by the router. Most control plane protection features and policies
>>> operate strictly on the control-plane host subinterface. Since most critical
>>> router control plane services, such as routing protocols and management
>>> traffic, is received on the control-plane host subinterface, it is critical
>>> to protect this traffic through policing and protection policies. CoPP,
>>> port-filtering and per-protocol queue thresholding protection features can
>>> be applied on the control-plane host subinterface.
>>>
>>>
>>> The control-plane host subinterface only supports TCP/UDP-based host
>>> traffic. All IP packets entering the control-plane matching any of the
>>> following conditions are not classified any further and are redirected to
>>> the cef-exception subinterface:
>>>
>>> • IP Packets with IP options.
>>>
>>> • *IP Packets with TTL less than or equal to 1.*
>>>
>>>
>>> With regards
>>> Kings
>>>
>>
>>
>> _______________________________________________
>> For more information regarding industry leading CCIE Lab training, please
>> visit www.ipexpert.com
>>
>> Are you a CCNP or CCIE and looking for a job? Check out
>> www.PlatinumPlacement.com
>>
>
>
>
> --
> Bruno Fagioli (by Jaunty Jackalope)
> Cisco Security Professional
>
--
Bruno Fagioli (by Jaunty Jackalope)
Cisco Security Professional
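
The classification order from the quoted Cisco text, written out as an added Python example (not part of the thread and not Cisco's code), applied to the OSPF packet from the log line above. The function names, the "unspecified" result and all sample addresses other than 136.1.2.3 -> 224.0.0.5 are assumptions; packets are assumed to have already been punted to the control plane.

```python
import socket
import struct

TCP, UDP, OSPF = 6, 17, 89  # IANA IP protocol numbers

def build_ipv4_header(src, dst, proto, ttl, options=b""):
    """Constructed IPv4 header; checksum is left 0 because it is not inspected."""
    if len(options) % 4:
        raise ValueError("IP options must be padded to a multiple of 4 bytes")
    ihl = 5 + len(options) // 4
    fixed = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4, 0, 0,
                        ttl, proto, 0,
                        socket.inet_aton(src), socket.inet_aton(dst))
    return fixed + options

def classify(header):
    """Subinterface for a packet already punted to the control plane."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not a complete IPv4 header")
    ihl, ttl, proto = header[0] & 0x0F, header[8], header[9]
    if ihl < 5 or len(header) < ihl * 4:
        raise ValueError("bad IHL")
    # The two documented redirects come first and end classification.
    if ihl > 5:
        return "cef-exception"  # IP options present
    if ttl <= 1:
        return "cef-exception"  # TTL less than or equal to 1
    if proto in (TCP, UDP):
        return "host"           # TCP/UDP-based host traffic
    return "unspecified"        # assumption: quoted text is silent on this case

# Constructed samples. Only 136.1.2.3 -> 224.0.0.5 comes from the log line in
# the thread; the other addresses are documentation-range placeholders.
SAMPLES = {
    "ospf_hello": build_ipv4_header("136.1.2.3", "224.0.0.5", OSPF, 1),
    "ebgp_direct_peer": build_ipv4_header("192.0.2.1", "192.0.2.2", TCP, 1),
    "ssh_management": build_ipv4_header("198.51.100.7", "192.0.2.2", TCP, 64),
    "udp_router_alert": build_ipv4_header("198.51.100.7", "192.0.2.2", UDP, 64,
                                          options=b"\x94\x04\x00\x00"),
}

if __name__ == "__main__":
    for name, hdr in SAMPLES.items():
        print(f"{name:18} -> {classify(hdr)}")
```

A policy attached only to the host subinterface would see the SSH sample but none of the TTL 1 or IP-options samples, which matches the 0/0/0 versus 28/0/0 counters in the test above.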