Yes Parvees, EIGRP/IBGP in host sub-interface and OSPF/EBGP in cef-exception sub-interface.
With regards Kings On Wed, May 18, 2011 at 10:36 PM, Parvees M <[email protected]> wrote: > Kings, > > As far i understand > > OSPF should be on cef-exception and EIGRP it should be host subinterface > > > see the following > > > http://www.cisco.com/web/about/security/intelligence/understanding-cppr.html > > > With best regards, > > Parvees M Davida > CCIE Security (Q) , CCNP ,CISSP,JNCIS-FWV,ITIL V3 > > > > > > > On Wed, May 18, 2011 at 8:03 PM, Kingsley Charles < > [email protected]> wrote: > >> If there is a task to drop OSPF packets, should we use control plane host >> or cef-exception sub-interface? >> >> With regards >> Kings >> >> On Wed, May 18, 2011 at 8:56 PM, Kingsley Charles < >> [email protected]> wrote: >> >>> Hi all >>> >>> One of Control Plane Host subinterface's purpose is to control routing >>> protocol packets incoming rate. EBGP directly connected peers and OSPF >>> packets uses TTL of 1. Similarly all packets to 224.0.0.1 (all system >>> multicast address) is sent with TTL with 1. >>> >>> Hence it seems these packets will go to CEF Exception sub-interface not >>> to the Host Sub-interfaces. I observed OSPF falling into CEF Exception >>> sub-interface. >>> >>> Just wondering why Cisco has decided to push packets of TTL = 1 to >>> CEF-exception sub-interface. >>> >>> Snippet from >>> http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/ctrl_plane_prot_ps6441_TSD_Products_Configuration_Guide_Chapter.html >>> >>> *Control-plane host subinterface*. This interface receives all >>> control-plane IP traffic that is directly destined for one of the router >>> interfaces. Examples of control-plane host IP traffic include tunnel >>> termination traffic, management traffic or routing protocols such as >>> SSH, SNMP, BGP, OSPF, and EIGRP. All host traffic terminates on and is >>> processed by the router. Most control plane protection features and policies >>> operate strictly on the control-plane host subinterface. Since most critical >>> router control plane services, such as routing protocols and management >>> traffic, is received on the control-plane host subinterface, it is critical >>> to protect this traffic through policing and protection policies. CoPP, >>> port-filtering and per-protocol queue thresholding protection features can >>> be applied on the control-plane host subinterface. >>> >>> >>> The control-plane host subinterface only supports TCP/UDP-based host >>> traffic. All IP packets entering the control-plane matching any of the >>> following conditions are not classified any further and are redirected to >>> the cef-exception subinterface: >>> >>> •IP Packets with IP options. >>> >>> *•**IP Packets with TTL less than or equal to 1.* >>> >>> >>> With regards >>> Kings >>> >> >> >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, please >> visit www.ipexpert.com >> >> Are you a CCNP or CCIE and looking for a job? Check out >> www.PlatinumPlacement.com >> > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
