Mailing List Archive

OS10 Enterprise CoPP
Hello everyone, I am new to Dell OS10 and I am trying to configure CoPP, but it seems like it doesn't allow you to specify src/dst IP addresses in CoPP policies.

This seems pretty bad because, if it counts all BGP packets the same regardless of their source, you could easily DoS a switch just by sending more BGP packets to it than is configured in the CoPP policy.

I am more used to the following:

! Classes select traffic through the named ACLs below
class-map match-any CoPP4-CRITICAL
 match access-group name CoPP4_CRITICAL
class-map match-any CoPP4-DROP
 match access-group name CoPP4_DROP

policy-map CoPP-Policy
 class CoPP4-CRITICAL
  police 512000 8000 conform-action transmit exceed-action transmit
 class CoPP4-DROP
  police 32000 1500 1500 conform-action drop exceed-action drop

! One entry per BGP peer (src.ip / dst.ip are placeholders)
ip access-list extended CoPP4_CRITICAL
 remark this is critical
 permit tcp host src.ip host dst.ip eq bgp
 permit tcp host src.ip host dst.ip eq bgp

ip access-list extended CoPP4_DROP
 remark CoPP entry to deny all other traffic to CPU
 permit ip any any

! Attach the policy to the control plane
control-plane
 service-policy input CoPP-Policy
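
The concern raised in the post, modelled as an added example that is not part of the original message and is not OS10 or IOS code: a token-bucket policer is run over constructed TCP/179 arrivals, once with a single protocol-wide policer and once with source-based classification like the ACL policy above. The addresses, packet size, packet rates and the drop-on-exceed behaviour of the shared policer are assumptions made for the model.

```python
import random

PEERS = {"192.0.2.1"}            # constructed: the configured BGP neighbor
RATE_BPS, BURST = 512000, 8000   # police values from the post's CRITICAL class
PKT, SECONDS = 100, 10           # assumed packet size (bytes) and run length

class Policer:
    """Single-rate token bucket (rate in bit/s, burst in bytes)."""
    def __init__(self, rate_bps, burst):
        self.rate, self.burst = rate_bps / 8.0, burst
        self.tokens, self.last = float(burst), 0.0

    def conforms(self, now, size):
        # Refill for the elapsed time, capped at the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= size:
            self.tokens -= size
            return True
        return False

def traffic(other_pps=5000, seed=1):
    """Constructed TCP/179 arrivals: the peer at 10 pps plus one unlisted source."""
    rng = random.Random(seed)
    pkts = [(i * 0.1 + 0.05, "192.0.2.1") for i in range(SECONDS * 10)]
    pkts += [(rng.uniform(0, SECONDS), "203.0.113.9")
             for _ in range(other_pps * SECONDS)]
    return sorted(pkts)

def simulate(match_source):
    """Return (fraction of peer packets reaching the CPU, other packets reaching it)."""
    shared = Policer(RATE_BPS, BURST)
    peer_ok = other_ok = 0
    for now, src in traffic():
        if match_source:
            # ACL model from the post: listed peers hit CRITICAL (transmit on
            # conform and on exceed); everything else hits the DROP class.
            passed = src in PEERS
        else:
            # Protocol-only model: all BGP packets share one policer
            # (assumption: packets that exceed it are dropped).
            passed = shared.conforms(now, PKT)
        if passed and src in PEERS:
            peer_ok += 1
        elif passed:
            other_ok += 1
    return peer_ok / (SECONDS * 10), other_ok
```

Comparing `simulate(False)` with `simulate(True)` shows how much of the real peer's traffic survives when the policer budget is shared with an unlisted source, which is the gap a source-aware CoPP class or an ingress ACL on TCP/179 is meant to close.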