Hi Tyson,

I didn't mention that TCP/UDP alone are supported in host control-plane. I wanted to convey that OSPF packets fall into cef exception sub-interface as the TTL is "1".

With regards
Kings

On Fri, May 27, 2011 at 10:00 AM, Tyson Scott <[email protected]> wrote:

> Kings,
>
> Where did you get the statement of only UDP/TCP is supported on the host
> control-plane? I am curious as I am not sure about that. This is an
> interesting discussion.
>
> Regards,
>
> Tyson Scott - CCIE #13513 R&S, Security, and SP
> Managing Partner / Sr. Instructor - IPexpert, Inc.
>
> *From:* [email protected] [mailto:[email protected]] *On Behalf Of* Bruno
> *Sent:* Wednesday, May 18, 2011 1:27 PM
> *To:* Kingsley Charles
> *Cc:* [email protected]
> *Subject:* Re: [OSL | CCIE_Security] BGP, OSPF to CPPr CEF-exception subinterface
>
> My tests showed me that OSPF matched on cef-exception
>
> *Mar 1 01:51:20.383: %CP-6-IP: PERMIT 136.1.2.3 -> 224.0.0.5 ospf
>
> Simple config:
>
> policy-map type logging OSPF1
>  class OSPF1
>   log interval 500
>
> Applied to both and hits increase on cef-exception
>
> HOST:
>
> Control plane host path counters :
>
> Feature                  Packets Processed/Dropped/Errors
> --------------------------------------------------------
> Control-plane Logging    0/0/0
> --------------------------------------------------------
>
> CEF:
>
> Control plane cef-exception path counters :
>
> Feature                  Packets Processed/Dropped/Errors
> --------------------------------------------------------
> Control-plane Logging    28/0/0
> --------------------------------------------------------
>
> On Wed, May 18, 2011 at 2:14 PM, Bruno <[email protected]> wrote:
>
> That trap.
> No idea Kings. Curious as well.
>
> Did you lab this up? It may answer that for you
>
> On Wed, May 18, 2011 at 1:03 PM, Kingsley Charles <[email protected]> wrote:
>
> If there is a task to drop OSPF packets, should we use control plane host
> or cef-exception sub-interface?
>
> With regards
> Kings
>
> On Wed, May 18, 2011 at 8:56 PM, Kingsley Charles <[email protected]> wrote:
>
> Hi all
>
> One of the Control Plane Host subinterface's purposes is to control routing
> protocol packets' incoming rate. EBGP directly connected peers and OSPF
> packets use a TTL of 1. Similarly, all packets to 224.0.0.1 (all system
> multicast address) are sent with a TTL of 1.
>
> Hence it seems these packets will go to the CEF Exception sub-interface, not to
> the Host sub-interface. I observed OSPF falling into the CEF Exception
> sub-interface.
>
> Just wondering why Cisco has decided to push packets of TTL = 1 to the
> CEF-exception sub-interface.
>
> Snippet from
> http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/ctrl_plane_prot_ps6441_TSD_Products_Configuration_Guide_Chapter.html
>
> *Control-plane host subinterface*. This interface receives all
> control-plane IP traffic that is directly destined for one of the router
> interfaces. Examples of control-plane host IP traffic include tunnel
> termination traffic, management traffic or routing protocols such as SSH,
> SNMP, BGP, OSPF, and EIGRP. All host traffic terminates on and is
> processed by the router. Most control plane protection features and policies
> operate strictly on the control-plane host subinterface. Since most critical
> router control plane services, such as routing protocols and management
> traffic, is received on the control-plane host subinterface, it is critical
> to protect this traffic through policing and protection policies. CoPP,
> port-filtering and per-protocol queue thresholding protection features can
> be applied on the control-plane host subinterface.
>
> The control-plane host subinterface only supports TCP/UDP-based host
> traffic. All IP packets entering the control-plane matching any of the
> following conditions are not classified any further and are redirected to
> the cef-exception subinterface:
>
> • IP Packets with IP options.
>
> *• IP Packets with TTL less than or equal to 1.*
>
> With regards
> Kings
>
> --
> Bruno Fagioli (by Jaunty Jackalope)
> Cisco Security Professional
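
Added example, not part of the thread or of Cisco's documentation: a CPPr policy attached to the cef-exception subinterface, where the counters quoted above show OSPF landing, that drops OSPF from any source other than the neighbor seen in the log line. The ACL, class-map and policy-map names are hypothetical, and treating 136.1.2.3 as the only legitimate OSPF neighbor is an assumption made for the example.

```cisco
! Added example. OSPF-UNEXPECTED, CM-OSPF-UNEXPECTED and PM-CEF-EXCEPTION
! are hypothetical names.
!
! Exempt the known neighbor (address taken from the %CP-6-IP log line in the
! thread; assumed here to be the only legitimate OSPF speaker) and match all
! other OSPF packets.
ip access-list extended OSPF-UNEXPECTED
 deny   ospf host 136.1.2.3 any
 permit ospf any any
!
class-map match-all CM-OSPF-UNEXPECTED
 match access-group name OSPF-UNEXPECTED
!
! Packets denied by the ACL do not match the class; they fall through to
! class-default and are forwarded to the route processor as usual.
policy-map PM-CEF-EXCEPTION
 class CM-OSPF-UNEXPECTED
  drop
!
! OSPF packets arrive with TTL 1, so they are classified to the
! cef-exception subinterface. The same policy attached under
! "control-plane host" would show no hits for them, as in the
! host counters quoted in the thread.
control-plane cef-exception
 service-policy input PM-CEF-EXCEPTION
!
! Check the result from exec mode:
!   show policy-map control-plane cef-exception
!   show control-plane cef-exception counters
```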
