My aresults are also the same.
With regards Kings On Wed, May 18, 2011 at 10:56 PM, Bruno <[email protected]> wrote: > My tests showed me that OSPF matched on cef-exception > > *Mar 1 01:51:20.383: %CP-6-IP: PERMIT 136.1.2.3 -> 224.0.0.5 ospf > > Simple config: > > policy-map type logging OSPF1 > class OSPF1 > log interval 500 > > Applied to both and hits increase on cef-exception > > HOST: > > Control plane host path counters : > > Feature Packets Processed/Dropped/Errors > > -------------------------------------------------------- > Control-plane Logging 0/0/0 > > -------------------------------------------------------- > > > > CEF: > > Control plane cef-exception path counters : > > Feature Packets Processed/Dropped/Errors > > -------------------------------------------------------- > Control-plane Logging 28/0/0 > > -------------------------------------------------------- > > > > On Wed, May 18, 2011 at 2:14 PM, Bruno <[email protected]> wrote: > >> That trap. >> No idea Kings. Curious as well. >> >> Did you lab this up? It may answer that for you >> >> On Wed, May 18, 2011 at 1:03 PM, Kingsley Charles < >> [email protected]> wrote: >> >>> If there is a task to drop OSPF packets, should we use control plane host >>> or cef-exception sub-interface? >>> >>> With regards >>> Kings >>> >>> >>> On Wed, May 18, 2011 at 8:56 PM, Kingsley Charles < >>> [email protected]> wrote: >>> >>>> Hi all >>>> >>>> One of Control Plane Host subinterface's purpose is to control routing >>>> protocol packets incoming rate. EBGP directly connected peers and OSPF >>>> packets uses TTL of 1. Similarly all packets to 224.0.0.1 (all system >>>> multicast address) is sent with TTL with 1. >>>> >>>> Hence it seems these packets will go to CEF Exception sub-interface not >>>> to the Host Sub-interfaces. I observed OSPF falling into CEF Exception >>>> sub-interface. >>>> >>>> Just wondering why Cisco has decided to push packets of TTL = 1 to >>>> CEF-exception sub-interface. >>>> >>>> Snippet from >>>> http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/ctrl_plane_prot_ps6441_TSD_Products_Configuration_Guide_Chapter.html >>>> >>>> *Control-plane host subinterface*. This interface receives all >>>> control-plane IP traffic that is directly destined for one of the router >>>> interfaces. Examples of control-plane host IP traffic include tunnel >>>> termination traffic, management traffic or routing protocols such as >>>> SSH, SNMP, BGP, OSPF, and EIGRP. All host traffic terminates on and is >>>> processed by the router. Most control plane protection features and >>>> policies >>>> operate strictly on the control-plane host subinterface. Since most >>>> critical >>>> router control plane services, such as routing protocols and management >>>> traffic, is received on the control-plane host subinterface, it is critical >>>> to protect this traffic through policing and protection policies. CoPP, >>>> port-filtering and per-protocol queue thresholding protection features can >>>> be applied on the control-plane host subinterface. >>>> >>>> >>>> The control-plane host subinterface only supports TCP/UDP-based host >>>> traffic. All IP packets entering the control-plane matching any of the >>>> following conditions are not classified any further and are redirected to >>>> the cef-exception subinterface: >>>> >>>> •IP Packets with IP options. >>>> >>>> *•**IP Packets with TTL less than or equal to 1.* >>>> >>>> >>>> With regards >>>> Kings >>>> >>> >>> >>> _______________________________________________ >>> For more information regarding industry leading CCIE Lab training, please >>> visit www.ipexpert.com >>> >>> Are you a CCNP or CCIE and looking for a job? Check out >>> www.PlatinumPlacement.com >>> >> >> >> >> -- >> Bruno Fagioli (by Jaunty Jackalope) >> Cisco Security Professional >> > > > > -- > Bruno Fagioli (by Jaunty Jackalope) > Cisco Security Professional >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
