We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 644 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

460 Sign Ups in the last 30 days

100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!


Forum Replies

  1. Hello

    Interesting topic and good explanation.

    From what I understand with control plane policing and protection we create a filter between the interface and the CPU to filter packets handled by the CPU of the router.

    Correct me if i ’ m wrong but with your example

    which is enabling policing for incoming traffic to the router, an incoming ssh packet for example to the router will not be dropped but will not be under inspection either .

    Is this correct?



  2. Hello Kostas

    Yes, that is correct. We can filter the number of packets destined to the router itself, and thus, we limit the number of packets that the CPU must process. Keep in mind however that even data plane traffic uses CPU resources (for decapsulating, routing, re-encapsulating etc) as

    ... Continue reading in our forum

  3. Hello

    Thank you for the explanation.

    I was reading about CoPP and I read on a forum an example on why to use it.

    It was mentioned that if for example you want to filter traffic to an outside interface with an access list , and someone manage to send a lot of traffic to that interface , even though the traffic will be dropped as it matches the drop action in the access list ,this will have an impact on CPU .

    On the other hand with CoPP you will have a silent drop meaning packets will never reach CPU .

    In this example applying an access list to an interface for t

    ... Continue reading in our forum

  4. Geia sou (hello) Kostas

    This is a very important aspect that you bring up. There are several things that come into play.

    Under normal operation, a networking device that receives control plane traffic will “punt” the packet to the CPU to be processed. The term “punt” is used to describe the action of moving a packet from the fast path to the route processor or CPU for handling. CoPP will block the packet from even reaching the CPU therefore there is no impact on the CPU itself. Take a look at the following diagram taken from this Cisco Documentation:


    ... Continue reading in our forum

  5. Thank you so much for your response.
    The documentation really helped me a lot as well.

2 more replies! Ask a question or join the discussion by visiting our Community Forum