ENARSI Knowledge Category

Control Plane Policing (CoPP) Tutorial

The IP traffic managed by a device can be divided into four distinct, logical groups:

1. Data plane packets: user-generated packets that are always forwarded by network devices to other end-station devices.

2. Services plane packets: a special case of data plane packets. They are also user-generated packets that network devices forward to other hosts, but they require high-touch handling by the network device (above and beyond normal destination IP address-based forwarding) before they can be forwarded. Examples of high-touch handling include GRE encapsulation, QoS, MPLS VPNs, and SSL/IPsec encryption/decryption…

As we see in the picture below, some services plane traffic is “punted” (or “pulled”) to the CPU for handling, while the rest is handled by CEF only. “Punt” is often used to describe the action of moving a packet from the fast path (CEF) to the route processor for handling.

3. Control plane packets: packets generated or received by the network device that are used for the creation and operation of the network itself. Control plane packets are always handled by the CPU in the network device route processor. Examples include packets of routing protocols like OSPF, EIGRP and BGP, or of non-routing protocols like CDP…

4. Management plane packets: packets that are used to manage the network. Examples include protocols such as Telnet, SSH, SNMP, NTP…

Packet_Planes.jpg


DMVPN Tutorial

One of the most popular network topologies in practice nowadays is shown below, with one Headquarters connecting to branch offices at several locations. The main enterprise resources are located at the Headquarters.

DMVPN_Topo.jpg

The router at the Headquarters takes the role of the Hub, while the branch routers take the role of Spokes. In this Hub-and-Spoke topology, each branch can access some resources at the Headquarters. But there are some disadvantages with this topology:

+ When a Spoke wants to communicate with another Spoke, it must go through the Hub, which increases the traffic passing through the Hub, increases CPU and memory usage on the Hub, and can create a bottleneck. This also increases latency for time-sensitive applications such as VoIP, video conferencing…
+ Each site requires a static public IP address if the environment between them is public (like the Internet).
+ The configuration is complex, especially in a large network. When a new Spoke is added, additional configuration is required on the Hub.
