The (Unofficial) CCNP-SP Study Guide
  • About
    • About the Author
    • About This Study Guide
  • MPLS
    • LDP
      • LDP Transport Address
      • LDP Conditional Advertisement
      • LDP Authentication
      • LDP/IGP Sync
      • LDP Session Protection
    • MPLS-TE
      • MPLS-TE Basics, Pt. 1 (TED)
      • MPLS-TE Basics, Pt.2 (RSVP)
      • MPLS-TE Basics, Pt.3 (CSPF)
      • MPLS-TE Basics, Pt.4 (Routing)
      • MPLS-TE Fast Reroute (FRR)
      • MPLS-TE with OSPF
    • Unified MPLS
    • Segment Routing
      • Introduction, Theory Pt.1
      • Introduction, Lab (OSPF) Pt.2
      • Introduction, Lab (ISIS) Pt. 3
      • Multi-Area/Level Segment Routing
      • Segment Routing using BGP
      • Migrating LDP to SR
      • LDP/SR Interworking
      • TI-LFA Pt. 1 (Theory)
      • TI-LFA Pt. 2 (Implementation)
      • TI-LFA Pt. 3 (Node and SRLG Protection)
      • SR-TE Pt. 1 (Overview)
      • SR-TE Pt. 2 (Creating an SR-TE Policy)
      • SR-TE Pt. 3 (Using a PCE)
      • SR-TE Pt. 4 (Automated Steering)
      • SR-TE Pt. 5 (On-Demand Nexthop)
      • SR-TE Pt. 6 (Flex Algo)
    • MPLS OAM
      • Classic Traceroute Behavior in MPLS Networks
      • LSP Ping
      • LSP Traceroute
  • Routing
    • BGP
      • BGP Synchronization
      • BGP Load Sharing (Multipath)
      • An Intuitive Look at Path Attributes
      • AS Path Prepending on XE and XR
      • RPL
    • BGP Security
      • BGP TTL Security, Pt. 1
      • BGP TTL Security, Pt. 2 (IOS-XE)
      • BGP TTL Security, Pt. 3 (IOS-XR)
      • BGP MD5 Authentication
      • BGP Maximum Prefixes
      • BGP RFD (Route Flap Dampening)
      • RTBH
      • Flowspec
      • BGPsec
    • L3VPN
      • An In-Depth Look at RD and RT, Pt. 1
      • An In-Depth Look at RD and RT, Pt. 2
      • An In-Depth Look at RD and RT, Pt. 3
      • An In-Depth Look at RD and RT, Pt. 4
      • Inter-AS L3VPN Pt. 1, Overview
      • Inter-AS L3VPN Pt. 2, Option A
      • Inter-AS L3VPN Pt. 3, Option B
      • Inter-AS L3VPN Pt. 4, Option C
      • CSC (Carrier Supporting Carrier)
      • PE NAT
    • OSPF
      • Type 7 to Type 5 Translation
      • OSPF Authentication
      • Troubleshooting OSPF Adjacencies
      • OSPFv3 LSA Types
      • OSPFv3 LSAs Example (Single Area)
    • ISIS
      • The Potential for Asymmetric Routing with Multi-Area ISIS
      • Interarea Routing is Distance-Vector
      • Basic ISIS - LSPDB
      • Multitopology
      • What is the role of CLNS and CLNP in ISIS?
      • Troubleshooting ISIS Adjacencies
    • IPv6 Transition
      • Overview
      • NAT64
      • 6to4
      • 6RD (IPv6 Rapid Deployment)
      • DS Lite (Dual Stack Lite)
      • MAP (Mapping of Address and Port)
      • Tunneling IPv6 Dynamic Routing Protocols over IPv4
    • Multicast
      • Introduction
      • IP and MAC Addressing
      • Tree Formation and Packet Forwarding
      • IGMP
      • PIM-DM (Dense Mode)
      • PIM-SM (Sparse Mode)
      • PIM-SM SPT Switchover
      • PIM-SM Tunnel Interfaces
      • PIM DR and the Assert Message
      • PIM-SM RP Discovery
      • PIM-BiDir
      • PIM-SSM (Source-Specific Multicast)
      • Interdomain Multicast (PIM-SM)
      • IPv6 Multicast
      • mVPN Introduction
      • mVPN Profile 0
      • mVPN Profile 1
      • Multicast Routing on IOS-XR
  • L2VPN & Ethernet
    • IOS-XE Ethernet Services
      • Service Instances
      • E-Line
      • E-LAN (VPLS)
      • E-Tree
      • E-Access
      • VPLS with BGP Autodiscovery
      • Martini/Kompella Circuits
    • EVPN
      • Introduction to EVPN
      • Learning EVPN VXLAN First
      • E-Line (EVPN VPWS)
      • E-Line (EVPN VPWS) on IOS-XR
      • E-Line (EVPN VPWS) Multi-Homed
      • E-LAN (EVPN Single-Homed)
    • Carrier Ethernet
      • 802.1ah (MAC-in-MAC)
      • 802.3ah (Ethernet OAM)
      • 802.1ag (CFM)
      • Cisco REP (Resilient Ethernet Protocol)
      • ITU G.8032 ERPS (Ethernet Ring Protection Switching)
  • Security
    • CoPP (Control Plane Policing)
    • LPTS (Local Packet Transport Services)
  • Misc
    • QoS
      • QoS Introduction (Part 1)
      • QoS Tools Overview and QoS Models (Part 2)
      • QoS Classification and Marking (Part 3)
      • QoS Queuing/Congestion Management (Part 4)
      • QoS Shaping and Policing (Part 5)
      • QoS for IPv6
      • MPLS QoS Basics
      • MPLS QoS Modes
      • MPLS TE QoS (DS-TE)
      • MPLS TE CBTS/PBTS
    • Automation and Assurance
      • NSO
      • NSO Command Cheat Sheet
      • Intro to YANG/NETCONF
      • YANG In-Depth
      • NETCONF In-Depth
      • RESTCONF
      • Model-Driven Telemetry
      • Automation Tool Comparison
      • Netflow
      • SNMP
    • Virtualization
      • NFV (Network Function Virtualization)
      • OpenStack
    • Transport
      • xPON
      • SONET/SDH
      • WDM
      • 4G and 5G RAN
    • High Availability (HA)
      • NSF/GR
      • NSR
      • NSF/NSR Whitepapers
      • BFD
      • Link Aggregation on IOS-XE
      • Link Aggregation on IOS-XR
    • IOS Software Overview
  • Labs
    • Lab Challenges
      • How to Use These Labs
      • Basic LDP
      • Advanced LDP
      • BGP Security
      • Unified MPLS
      • BGP Fundamentals
      • Ethernet Services
      • L3VPN Extranet
      • Multicast
      • Inter-area OSPF
      • ISIS
      • MPLS-TE
      • Control Plane Policing
      • QoS
Powered by GitBook
On this page
  • Lab
  • Further Reading
  1. Security

LPTS (Local Packet Transport Services)

The IOS-XR product line does not use CoPP, instead it uses LPTS (Local Packet Transport Services) to preform policing of control plane traffic.

LPTS is a process on each line card which is responsible for punting traffic destined to the router to the line card CPU (such as ARP, ICMP, BFD, OAM) or punting traffic to the RP CPU (such as LDP, PIM, BGP, etc). LPTS even plays a role in supporting NSR by punting traffic to both RPs.

LPTS runs by default and comes with default policing values. Generally you should not need to adjust these, and if you do so, you should configure your own values with caution.

LPTS has pre-defined flow rates that are very granular. For example, there is a separate police rate for BGP unestablished traffic, BGP traffic for a configured neighbor, and BGP traffic for a neighbor in an Established state.

On an XRv9000 you can see this with the following command:

RP/0/RP0/CPU0:XR3#show lpts pifib hardware police location 0/0/CPU0 | in "flow_type|BGP|---"
Mon Nov  7 20:05:34.458 UTC
-------------------- -------- ------------ --------------- ---------- ----- -------------- ------------ -----------   ---------     ----------
flow_type            priority sw_police_id hw_policer_addr Cur. Rate  burst static_avgrate avgrate_type AggrAccepts   AggrDrops     TOS Value 
-------------------- -------- ------------ --------------- ---------- ----- -------------- ------------ -----------   ---------     ---------- 
BGP-known            high     6            219             2500       1250  2500           Static       0             0             01234567  
BGP-cfg-peer         medium   7            220             2000       1000  2000           Static       0             0             01234567  
BGP-default          low      8            221             1500       750   1500           Static       0             0             01234567

  • Known BGP peers can transmit at 2500 pps, configured peers that are not yet Established at 2000 pps, and default 179 traffic at 1500 pps.

Lab

I’ve swapped R3 for an XR9000v, and re-used the CoPP lab topology:

Changing the police rate values on XR is quite simple. You do not need to use ACLs, because LPTS handles classification of the traffic. Instead you simply identify the protocol and set a rate limit in packets-per-second (pps). Let’s change ICMP to 3 pps.

lpts pifib hardware police
 flow icmp local rate 3

When we ping R3 from R1, only three packets get through per second.

R1#ping 3.3.3.3 repeat 28
Type escape sequence to abort.
Sending 28, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!.!!!.!!!.!!!.!!!.!!!.!!!.
Success rate is 75 percent (21/28), round-trip min/avg/max = 3/7/47 ms

On the XR router we can verify statistics using the following command:

RP/0/RP0/CPU0:XR3#show lpts pifib hardware police location 0/0/CPU0 | in "flow_type|ICMP|---"
Mon Nov  7 20:16:31.356 UTC
-------------------- -------- ------------ --------------- ---------- ----- -------------- ------------ -----------   ---------     ----------
flow_type            priority sw_police_id hw_policer_addr Cur. Rate  burst static_avgrate avgrate_type AggrAccepts   AggrDrops     TOS Value 
-------------------- -------- ------------ --------------- ---------- ----- -------------- ------------ -----------   ---------     ---------- 
ICMP-local           medium   12           225             3          750   1500           Global       21            7             01234567  
ICMP-control         high     40           253             1000       500   1000           Static       0             0             01234567  
ICMP-app             low      52           265             1500       750   1500           Static       0             0             01234567  
ICMP-default         low      53           266             1500       750   1500           Static       0             0             01234567  
ICMP-app-default     low      90           303             1500       750   1500           Static       0             0             01234567

  • Global under avgrate_type indicates that this value was configured globally using the CLI

  • The Cur. Rate does not match the static_avgrate for the ICMP-local flow that we changed. The static_avgrate is the default rate. When you globally configure a new rate, it overrides the static (default) rate.

  • AggrAccepts are packets which matched the flow and were not dropped

  • AggrDrops are packets which matched the flow and exceeded the pps policier, and were therefore dropped

To clear statistics we can use the following command:

clear lpts pifib hardware statistics location 0/0/CPU0

Further Reading

https://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k_r4-0/addr_serv/configuration/guide/ic40asr9kbook_chapter7.html

https://community.cisco.com/t5/service-providers-knowledge-base/asr9000-xr-local-packet-transport-services-lpts-copp/ta-p/3123792/show-comments/true

https://xrdocs.io/ncs5500/tutorials/introduction-to-ncs55xx-and-ncs5xx-lpts/

https://www.reddit.com/r/Cisco/comments/lhmx1w/asr9k_dropping_pings_to_interfaces/

  • Interesting discussion about issue caused by LPTS

PreviousCoPP (Control Plane Policing)NextQoS

Last updated 2 years ago