On the Cisco Nexus 7000 Series Switch, Control Plane Policing is enforced on which component?
A. The supervisor module enforces CoPP before out-of-policy traffic reaches the CPU
B. The fabric modules enforce CoPP in the fabric before out-of-policy traffic reaches the CPU
C. The linecards enforce CoPP locally before out-of-policy traffic reaches the CPU
D. The egress virtual output queue enforces CoPP locally before out-of-policy traffic reaches the CPU
Correct Answer: C
Explanation/Reference:
Explanation:
Only the traffic sent through the Inband interface is subject to CoPP, because this is the only traffic that reaches the Supervisor module through the forwarding engines (Fes) on the line cards. The Nexus 7000 Series Switch implementation of CoPP is hardware-based only, which means that CoPP is not performed in software by the Supervisor module. CoPP functionality (policing) is implemented on each FE independently. When the various rates are configured for CoPP policy-map, consideration must be taken in regard to the number of line cards in the system.
The total traffic received by the Supervisor is N times X, where N is the number of Fes on the Nexus 7000 system, and X is the rate allowed for the particular class. The configured policer values apply on a per FE basis, and the aggregate traffic prone to hit the CPU is the sum of the conformed and transmitted traffic on all of the Fes. In other words, traffic that hits the CPU equals the configured conform rate multiplied by the number of Fes.
N7K-M148GT-11/L LC has 1 FE
N7K-M148GS-11/L LC has 1 FE
N7K-M132XP-12/L LC has 1 FE
N7K-M108X2-12L LC has 2 FE
N7K-F248XP-15 LC has 12 FE (SOC)
N7K-M235XP-23L LC has 2 FE
N7K-M206FQ-23L LC has 2 FE
N7K-M202CF-23L LC has 2 FE
CoPP configuration is only implemented in the default virtual device context (VDC); however, the CoPP policies are applicable for all VDCs. The same global policy is applied for all line cards. CoPP applies resource sharing between VDCs if ports of the same Fes belong to different VDCs (M1 Series or M2 Series LC). For example, ports of one FE, even in different VDCs, count against the same threshold for CoPP.
If the same FE is shared between different VDCs and a given class of control plane traffic exceeds the threshold, this affects all VDCs on the same FE.
It is recommended to dedicate one FE per VDC in order to isolate CoPP enforcement, if possible.
Reference: http://www.cisco.com/c/en/us/support/docs/switches/nexus-7000-series-switches/116043-copp-nexus7000-tshoot-00.html
