LPTS (Local Packet Transport Services)

The IOS-XR product line does not use CoPP, instead it uses LPTS (Local Packet Transport Services) to preform policing of control plane traffic.

LPTS is a process on each line card which is responsible for punting traffic destined to the router to the line card CPU (such as ARP, ICMP, BFD, OAM) or punting traffic to the RP CPU (such as LDP, PIM, BGP, etc). LPTS even plays a role in supporting NSR by punting traffic to both RPs.

LPTS runs by default and comes with default policing values. Generally you should not need to adjust these, and if you do so, you should configure your own values with caution.

LPTS has pre-defined flow rates that are very granular. For example, there is a separate police rate for BGP unestablished traffic, BGP traffic for a configured neighbor, and BGP traffic for a neighbor in an Established state.

On an XRv9000 you can see this with the following command:

RP/0/RP0/CPU0:XR3#show lpts pifib hardware police location 0/0/CPU0 | in "flow_type|BGP|---"
Mon Nov  7 20:05:34.458 UTC
-------------------- -------- ------------ --------------- ---------- ----- -------------- ------------ -----------   ---------     ----------
flow_type            priority sw_police_id hw_policer_addr Cur. Rate  burst static_avgrate avgrate_type AggrAccepts   AggrDrops     TOS Value 
-------------------- -------- ------------ --------------- ---------- ----- -------------- ------------ -----------   ---------     ---------- 
BGP-known            high     6            219             2500       1250  2500           Static       0             0             01234567  
BGP-cfg-peer         medium   7            220             2000       1000  2000           Static       0             0             01234567  
BGP-default          low      8            221             1500       750   1500           Static       0             0             01234567

  • Known BGP peers can transmit at 2500 pps, configured peers that are not yet Established at 2000 pps, and default 179 traffic at 1500 pps.

Lab

I’ve swapped R3 for an XR9000v, and re-used the CoPP lab topology:

Changing the police rate values on XR is quite simple. You do not need to use ACLs, because LPTS handles classification of the traffic. Instead you simply identify the protocol and set a rate limit in packets-per-second (pps). Let’s change ICMP to 3 pps.

lpts pifib hardware police
 flow icmp local rate 3

When we ping R3 from R1, only three packets get through per second.

R1#ping 3.3.3.3 repeat 28
Type escape sequence to abort.
Sending 28, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!.!!!.!!!.!!!.!!!.!!!.!!!.
Success rate is 75 percent (21/28), round-trip min/avg/max = 3/7/47 ms

On the XR router we can verify statistics using the following command:

RP/0/RP0/CPU0:XR3#show lpts pifib hardware police location 0/0/CPU0 | in "flow_type|ICMP|---"
Mon Nov  7 20:16:31.356 UTC
-------------------- -------- ------------ --------------- ---------- ----- -------------- ------------ -----------   ---------     ----------
flow_type            priority sw_police_id hw_policer_addr Cur. Rate  burst static_avgrate avgrate_type AggrAccepts   AggrDrops     TOS Value 
-------------------- -------- ------------ --------------- ---------- ----- -------------- ------------ -----------   ---------     ---------- 
ICMP-local           medium   12           225             3          750   1500           Global       21            7             01234567  
ICMP-control         high     40           253             1000       500   1000           Static       0             0             01234567  
ICMP-app             low      52           265             1500       750   1500           Static       0             0             01234567  
ICMP-default         low      53           266             1500       750   1500           Static       0             0             01234567  
ICMP-app-default     low      90           303             1500       750   1500           Static       0             0             01234567

  • Global under avgrate_type indicates that this value was configured globally using the CLI

  • The Cur. Rate does not match the static_avgrate for the ICMP-local flow that we changed. The static_avgrate is the default rate. When you globally configure a new rate, it overrides the static (default) rate.

  • AggrAccepts are packets which matched the flow and were not dropped

  • AggrDrops are packets which matched the flow and exceeded the pps policier, and were therefore dropped

To clear statistics we can use the following command:

clear lpts pifib hardware statistics location 0/0/CPU0

Further Reading

https://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k_r4-0/addr_serv/configuration/guide/ic40asr9kbook_chapter7.html

https://community.cisco.com/t5/service-providers-knowledge-base/asr9000-xr-local-packet-transport-services-lpts-copp/ta-p/3123792/show-comments/true

https://xrdocs.io/ncs5500/tutorials/introduction-to-ncs55xx-and-ncs5xx-lpts/

https://www.reddit.com/r/Cisco/comments/lhmx1w/asr9k_dropping_pings_to_interfaces/

  • Interesting discussion about issue caused by LPTS

PreviousCoPP (Control Plane Policing)NextQoS

Last updated