When configuring CoPP on a device, pay attention to the following points:
- CoPP configures control policy of the traffic from the ASIC to CPU. It is a very sensitive process of the whole switch OS. Any incorrect setting could impact the stability or could even paralyze the normal network operation. It is therefore highly recommended to KEEP the default configurations of CoPP to ensure the system and network stability.
The CoPP policy takes effect only on the packets directed to the CPU.
Users should not change the default sequence number of the system pre-defined control plane protocols. Please refer to Default Settings for CoPP for details about the pre-defined control plane protocols.
- For the current PicOS realization, IPv6 firewall filter rules are only supported on switch platforms of PRONTO3295, PRONTO3290, PRONTO3297 and AS4610_54P.
- The total value of min-bandwidth-pps of all activated queues should be less than CPU-affordable bandwidth, which should be the maximum bandwidth threshold to the CPU that is different depending on platform.
- Maximum of 32 CoPP matching rules specified with sequence number can be configured separately for IPv4 and IPv6 in the whole switch system.
- Users can change the pre-defined CoPP policies but are NOT allowed to delete them.
- It is acceptable that packets might be lost when users are making changes to the CoPP policies, such as when queue mapping is being set.
- The prerequisite of the protocol related CoPP policy taking effect is that the protocol function works well. BPDU, LLDP, LACP and ARP are not subject to this limitation.
- BPDU, LLDP, LACP and ARP cannot be classified through the protocol matching field, as they are not an IP protocol. You can classify these protocol packets through other matching fields, such as destination-mac-address, destination-port and ether-type.
- Adding IPv6 firewall filter rule could occupy as many as 128 TCAM ACL entries.
- The ranges of max-bandwidth-pps and min-bandwidth-pps are different on different platform.
- Although the realization and commands of CoPP use the QoS related module of CoS (Class of Service) and Firewall Filter Rule, but CoPP has its own command line with a fixed keyword copp, distinguishing it from the ACL feature.
set firewall filter copp sequence from protocol icmp and set firewall filter copp sequence from protocol igmp commands configure the firewall filter rules based on the ICMP or IGMP protocol type for only IPv4 traffic classification. To configure the firewall filter rule based on the ICMP or IGMP protocol type for IPv6 traffic classification, use the set firewall filter copp sequence from protocol others command with the protocol number.