VRF definition
SONiC expects all vrf start with 'Vrf', i.e.
ip vrf Vrf_tenant1 ip vrf Vrf_internet1
One cannot just name vrf as tenant1
VLAN definition
interface Vlan10 ip vrf forwarding Vrf_tenant1 ip anycast-address 10.10.10.1/24 ! interface Vlan999 description "itervlan SVI" ip vrf forwarding Vrf_tenant1 ipv6 enable ! interface Vlan888 ip vrf forwarding Vrf_internet1 ipv6 enable !
VXLAN anycast gateway is configured using ip anycast-address.
Vlan888 is associated vith Vrf_internet1 which has 0.0.0.0/0 towards VPP router providing NAT.
ip route vrf Vrf_internet1 0.0.0.0/0 100.64.88.1 track 8
Default is added or removed based on availability of 100.64.88.1 which is checked by IP SLA echo ping.
Loopback definition
interface Loopback 0 ip address 192.168.55.4/32 ip ospf area 0.0.0.0 !
Spine facing ports
interface Ethernet0 description to_sp1 mtu 9202 speed 25000 unreliable-los auto no shutdown ip address 10.0.14.101/24 ip ospf area 0.0.0.0 ip ospf cost 10 ! interface Ethernet1 description to_sp2 mtu 9202 speed 25000 unreliable-los auto no shutdown ip address 10.0.24.4/24 ip ospf area 0.0.0.0 ip ospf cost 10 !
Server facing ports
interface Ethernet8 mtu 9100 speed 25000 unreliable-los auto no shutdown switchport access Vlan 10 ! interface Ethernet9 mtu 9100 speed 25000 unreliable-los auto no shutdown switchport access Vlan 10 !
Port facing VPP router providing default gateway
interface Ethernet7 description to_vpp1 mtu 9100 speed 25000 unreliable-los auto no shutdown ip vrf forwarding Vrf_internet1 ip address 100.64.88.0/31 !
OSPF for underlay
router ospf ospf router-id 192.168.55.4 passive-interface default area 0.0.0.0 no passive-interface Ethernet0 no passive-interface Ethernet1 !
BGP configuration
BGP is established to both spines sp1 and sp2
router bgp 65000 router-id 192.168.55.4 log-neighbor-changes timers 60 180 ! address-family l2vpn evpn advertise-all-vni dup-addr-detection ! neighbor 192.168.99.1 remote-as 65000 update-source interface Loopback 0 ! address-family l2vpn evpn activate ! neighbor 192.168.99.2 remote-as 65000 update-source interface Loopback 0 ! address-family l2vpn evpn activate !
Additionally we need BGP under vrf for every tenenat on that switch
router bgp 65000 vrf Vrf_tenant1 log-neighbor-changes timers 60 180 ! address-family ipv4 unicast maximum-paths 16 maximum-paths ibgp 16 import vrf Vrf_internet1 ! address-family l2vpn evpn advertise ipv4 unicast route-target import 65000:555 route-target both auto route-target import 65000:888 dup-addr-detection !
Note that import vrf Vrf_internet1 is needed to import all routes from Vrf_internet1 located on the same switch, while route-target import 65000:888 imports routes from other switches which may carry default and other routes as well.
Below is the configuration for the exporting default redistribute static and local interfaces redistribute connected to BGP EVPN by route-target export auto and importing tenant1 by route-target import 65000:999000
router bgp 65000 vrf Vrf_internet1 log-neighbor-changes timers 60 180 ! address-family ipv4 unicast redistribute connected redistribute static maximum-paths 16 maximum-paths ibgp 16 ! address-family l2vpn evpn advertise ipv4 unicast route-target import 65000:999000 route-target export auto dup-addr-detection !
route-target both auto in our case means both import and export of the 65000:999000
since L3 VNI for Vrf_tenant1 is associated with Vlan999
which is mapped to VNI 999000 and our ASN is 65000
route-target import 65000:555 imports external routers which are present on one switch only and associated with VNI 555 there.
There is no need to configure VNI 555 on that switch, import is enough.
VTEP definition
interface vxlan vtep1 source-ip 192.168.55.4 qos-mode pipe dscp 0 map vni 10000 vlan 10 map vni 999000 vlan 999 map vni 999000 vrf Vrf_tenant1 !
map vni 999000 vrf Vrf_tenant1 defines L3 VNI.
On NX-OS member vni 999000 associate-vrf is used for that, additionally NX-OS maps VNIs to VLANs on vlan XXX blocks, while SONiC maps VNIs to VLANs on vtep block.
Tenancy L3 VNI verification
sonic# show bgp l2vpn evpn vni 999000 VNI: 999000(known to the kernel) Type: L3 RD: 10.10.10.1:5096 Originator IP: 192.168.55.4 Originator External IP: 0.0.0.0 Mcast group: Advertise-gw-macip: Advertise-svi-macip: Advertise-pip: True System-IP: 192.168.55.4 System-MAC: 0c:39:b3:ac:00:0a Router-MAC: 0c:39:b3:ac:00:0a Import Route Target: 65000:555 65000:999000 Export Route Target: 65000:999000
However, show bgp l2vpn evpn route vni 999000 says
sonic# show bgp l2vpn evpn route vni 999000 VNI not found
On other side, show ip route vrf Vrf_tenant1 shows all external routes (99.x.x.x) are reachable
sonic# show ip route vrf Vrf_tenant1
Codes: K - kernel route, C - connected, S - static, B - BGP, O - OSPF
> - selected route, * - FIB route, q - queued route, r - rejected route
Destination Gateway Dist/Metric Last Update
--------------------------------------------------------------------------------------------------------------------------------
B 10.10.10.0/24 via 192.168.55.3 Vlan999 200/0 00:06:57 ago
C>* 10.10.10.0/24 Direct Vlan10 0/0 02:09:28 ago
B>* 10.10.10.101/32 via 192.168.55.1 Vlan999 200/0 00:06:57 ago
B>* 10.10.10.102/32 via 192.168.55.2 Vlan999 200/0 00:06:57 ago
B>* 10.10.10.103/32 via 192.168.55.3 Vlan999 200/0 00:06:57 ago
B>* 10.10.20.0/24 via 192.168.55.3 Vlan999 200/0 00:06:57 ago
B>* 10.10.20.205/32 via 192.168.55.3 Vlan999 200/0 00:06:57 ago
B>* 99.0.0.0/8 via 192.168.55.3 Vlan999 200/0 00:06:57 ago
B>* 99.0.0.0/22 via 192.168.55.3 Vlan999 200/0 00:06:57 ago
B>* 99.0.1.0/24 via 192.168.55.3 Vlan999 200/0 00:06:57 ago
B>* 99.0.2.0/24 via 192.168.55.3 Vlan999 200/0 00:06:57 ago
B>* 99.0.3.0/24 via 192.168.55.3 Vlan999 200/0 00:06:57 ago
Verification
Ping between VLANs is carried by VNI 999000
Frame 1742: 148 bytes on wire (1184 bits), 148 bytes captured (1184 bits) on interface -, id 0
Ethernet II, Src: 0c:72:fa:dc:00:06 (0c:72:fa:dc:00:06), Dst: 0c:39:b3:ac:00:0a (0c:39:b3:ac:00:0a)
Internet Protocol Version 4, Src: 192.168.55.3, Dst: 192.168.55.4
User Datagram Protocol, Src Port: 55097, Dst Port: 4789
Virtual eXtensible Local Area Network
Flags: 0x0800, VXLAN Network ID (VNI)
Group Policy ID: 0
VXLAN Network Identifier (VNI): 999000
Reserved: 0
Ethernet II, Src: 0c:36:00:00:1b:08 (0c:36:00:00:1b:08), Dst: 0c:39:b3:ac:00:0a (0c:39:b3:ac:00:0a)
Internet Protocol Version 4, Src: 10.10.20.205, Dst: 10.10.10.14
Internet Control Message Protocol
Ping in the same VLAN is carried by VNI 10000
Frame 1719: 148 bytes on wire (1184 bits), 148 bytes captured (1184 bits) on interface -, id 0
Ethernet II, Src: 0c:39:b3:ac:00:0a (0c:39:b3:ac:00:0a), Dst: 0c:72:fa:dc:00:06 (0c:72:fa:dc:00:06)
Internet Protocol Version 4, Src: 192.168.55.4, Dst: 192.168.55.3
User Datagram Protocol, Src Port: 46660, Dst Port: 4789
Virtual eXtensible Local Area Network
Flags: 0x0800, VXLAN Network ID (VNI)
Group Policy ID: 0
VXLAN Network Identifier (VNI): 10000
Reserved: 0
Ethernet II, Src: 0c:14:05:9b:00:00 (0c:14:05:9b:00:00), Dst: 4e:84:cf:c0:21:77 (4e:84:cf:c0:21:77)
Internet Protocol Version 4, Src: 10.10.10.14, Dst: 10.10.10.103
Internet Control Message Protocol
Ping toward external destination is carried by VNI 999000
Frame 1661: 148 bytes on wire (1184 bits), 148 bytes captured (1184 bits) on interface -, id 0
Ethernet II, Src: 0c:39:b3:ac:00:0a (0c:39:b3:ac:00:0a), Dst: 0c:72:fa:dc:00:06 (0c:72:fa:dc:00:06)
Internet Protocol Version 4, Src: 192.168.55.4, Dst: 192.168.55.3
User Datagram Protocol, Src Port: 40573, Dst Port: 4789
Virtual eXtensible Local Area Network
Flags: 0x0800, VXLAN Network ID (VNI)
Group Policy ID: 0
VXLAN Network Identifier (VNI): 999000
Reserved: 0
Ethernet II, Src: 0c:39:b3:ac:00:0a (0c:39:b3:ac:00:0a), Dst: 0c:36:00:00:1b:08 (0c:36:00:00:1b:08)
Internet Protocol Version 4, Src: 10.10.10.14, Dst: 99.0.1.0
Internet Control Message Protocol
Full config
sonic# show running-configuration | no-more ! ip load-share hash ipv4 ipv4-dst-ip ip load-share hash ipv4 ipv4-src-ip ip load-share hash ipv4 ipv4-ip-proto ip load-share hash ipv4 ipv4-l4-src-port ip load-share hash ipv4 ipv4-l4-dst-port ip load-share hash ipv6 ipv6-dst-ip ip load-share hash ipv6 ipv6-src-ip ip load-share hash ipv6 ipv6-next-hdr ip load-share hash ipv6 ipv6-l4-src-port ip load-share hash ipv6 ipv6-l4-dst-port hostname sonic ssh-server vrf mgmt mac address-table aging-time 600 kdump enable kdump memory 0M-2G:256M,2G-4G:256M,4G-8G:384M,8G-:448M kdump num-dumps 3 ip anycast-mac-address 00:10:00:10:00:10 ip anycast-address enable ipv6 anycast-address enable core enable factory default profile l3 confirm port-group 1 speed 25000 port-group 2 speed 25000 port-group 3 speed 25000 port-group 4 speed 25000 port-group 5 speed 25000 port-group 6 speed 25000 port-group 7 speed 25000 port-group 8 speed 25000 port-group 9 speed 25000 port-group 10 speed 25000 port-group 11 speed 25000 port-group 12 speed 25000 ip arp timeout 1800 ipv6 nd cache expire 1800 ip vrf mgmt ip vrf Vrf_internet1 ! ip vrf Vrf_tenant1 ! ! ! nat timeout 600 tcp-timeout 86400 udp-timeout 300 ! tam ! qos scheduler-policy copp-scheduler-policy ! queue 0 type wrr weight 1 ! queue 1 meter-type packets pir 100 type wrr weight 1 ! queue 2 meter-type packets pir 600 type wrr weight 2 ! queue 3 meter-type packets pir 8000 type wrr weight 1 ! queue 4 meter-type packets pir 500 type wrr weight 1 ! queue 5 meter-type packets pir 300 type wrr weight 1 ! queue 6 meter-type packets pir 2000 type wrr weight 2 ! queue 7 meter-type packets pir 6000 type wrr weight 2 ! queue 8 meter-type packets pir 1000 type wrr weight 2 ! queue 9 meter-type packets pir 300 type wrr weight 2 ! queue 10 meter-type packets pir 3000 type wrr weight 2 ! queue 11 meter-type packets pir 3000 type wrr weight 2 ! queue 12 meter-type packets pir 2000 type wrr weight 2 ! queue 13 meter-type packets pir 5000 type wrr weight 2 ! queue 14 meter-type packets pir 10000 type wrr weight 6 ! queue 15 meter-type packets pir 5000 type wrr weight 4 ! queue 16 meter-type packets pir 5000 type wrr weight 4 ! queue 17 meter-type packets pir 500 type wrr weight 2 ! queue 18 meter-type packets pir 500 type wrr weight 2 ! queue 19 meter-type packets pir 5000 type wrr weight 3 ! queue 20 meter-type packets pir 2000 type wrr weight 10 ! queue 21 meter-type packets pir 16000 type wrr weight 30 ! queue 22 meter-type packets pir 500 type wrr weight 10 ! queue 23 meter-type packets pir 500 type wrr weight 10 ! queue 29 meter-type packets pir 200 type wrr weight 1 ! port meter-type packets ! hardware ! access-list counters per-entry ! tcam ! line vty service-policy type qos in oob-qos-policy ! interface Vlan10 ip vrf forwarding Vrf_tenant1 ip anycast-address 10.10.10.1/24 ! interface Vlan888 ip vrf forwarding Vrf_internet1 ipv6 enable ! interface Vlan999 description "itervlan SVI" ip vrf forwarding Vrf_tenant1 ipv6 enable ! interface Loopback 0 ip address 192.168.55.4/32 ip ospf area 0.0.0.0 ! interface Loopback 888 ip vrf forwarding Vrf_internet1 ip address 29.29.29.29/32 ! interface Management0 description Management0 mtu 1500 autoneg on speed 1000 ! interface Ethernet0 mtu 9202 speed 25000 unreliable-los auto no shutdown ip address 10.0.14.101/24 ip ospf area 0.0.0.0 ip ospf cost 10 ! interface Ethernet1 description to_sp2 mtu 9202 speed 25000 unreliable-los auto no shutdown ip address 10.0.24.4/24 ip ospf area 0.0.0.0 ip ospf cost 10 ! interface Ethernet2 mtu 9216 speed 25000 unreliable-los auto no shutdown ! interface Ethernet3 mtu 9100 speed 25000 unreliable-los auto shutdown ! interface Ethernet4 mtu 9100 speed 25000 unreliable-los auto shutdown ! interface Ethernet5 mtu 9100 speed 25000 unreliable-los auto shutdown ! interface Ethernet6 mtu 9100 speed 25000 unreliable-los auto shutdown ! interface Ethernet7 description to_vpp1 mtu 9100 speed 25000 unreliable-los auto no shutdown ip vrf forwarding Vrf_internet1 ip address 100.64.88.0/31 ! interface Ethernet8 mtu 9100 speed 25000 unreliable-los auto no shutdown switchport access Vlan 10 ! interface Ethernet9 mtu 9100 speed 25000 unreliable-los auto no shutdown switchport access Vlan 10 ! interface Ethernet10 mtu 9100 speed 25000 unreliable-los auto shutdown ! interface Ethernet11 mtu 9100 speed 25000 unreliable-los auto shutdown ! interface Ethernet12 mtu 9100 speed 25000 unreliable-los auto shutdown ! interface Ethernet13 mtu 9100 speed 25000 unreliable-los auto shutdown ! interface Ethernet14 mtu 9100 speed 25000 unreliable-los auto shutdown ! interface Ethernet15 mtu 9100 speed 25000 unreliable-los auto shutdown ! interface Ethernet16 mtu 9100 speed 25000 unreliable-los auto shutdown ! interface Ethernet17 mtu 9100 speed 25000 unreliable-los auto shutdown ! interface Ethernet18 mtu 9100 speed 25000 unreliable-los auto shutdown ! interface Ethernet19 mtu 9100 speed 25000 unreliable-los auto shutdown ! interface Ethernet20 mtu 9100 speed 25000 unreliable-los auto shutdown ! interface Ethernet21 mtu 9100 speed 25000 unreliable-los auto shutdown ! interface Ethernet22 mtu 9100 speed 25000 unreliable-los auto shutdown ! interface Ethernet23 mtu 9100 speed 25000 unreliable-los auto shutdown ! interface Ethernet24 mtu 9100 speed 25000 unreliable-los auto shutdown ! interface Ethernet25 mtu 9100 speed 25000 unreliable-los auto shutdown ! interface Ethernet26 mtu 9100 speed 25000 unreliable-los auto shutdown ! interface Ethernet27 mtu 9100 speed 25000 unreliable-los auto shutdown ! interface Ethernet28 mtu 9100 speed 25000 unreliable-los auto shutdown ! interface Ethernet29 mtu 9100 speed 25000 unreliable-los auto shutdown ! interface Ethernet30 mtu 9100 speed 25000 unreliable-los auto shutdown ! interface Ethernet31 mtu 9100 speed 25000 unreliable-los auto shutdown ! interface Ethernet32 mtu 9100 speed 25000 unreliable-los auto shutdown ! interface Ethernet33 mtu 9100 speed 25000 unreliable-los auto shutdown ! interface Ethernet34 mtu 9100 speed 25000 unreliable-los auto shutdown ! interface Ethernet35 mtu 9100 speed 25000 unreliable-los auto shutdown ! interface Ethernet36 mtu 9100 speed 25000 unreliable-los auto shutdown ! interface Ethernet37 mtu 9100 speed 25000 unreliable-los auto shutdown ! interface Ethernet38 mtu 9100 speed 25000 unreliable-los auto shutdown ! interface Ethernet39 mtu 9100 speed 25000 unreliable-los auto shutdown ! interface Ethernet40 mtu 9100 speed 25000 unreliable-los auto shutdown ! interface Ethernet41 mtu 9100 speed 25000 unreliable-los auto shutdown ! interface Ethernet42 mtu 9100 speed 25000 unreliable-los auto shutdown ! interface Ethernet43 mtu 9100 speed 25000 unreliable-los auto shutdown ! interface Ethernet44 mtu 9100 speed 25000 unreliable-los auto shutdown ! interface Ethernet45 mtu 9100 speed 25000 unreliable-los auto shutdown ! interface Ethernet46 mtu 9100 speed 25000 unreliable-los auto shutdown ! interface Ethernet47 mtu 9100 speed 25000 unreliable-los auto shutdown ! interface Ethernet48 mtu 9100 speed 100000 unreliable-los auto shutdown ! interface Ethernet52 mtu 9100 speed 100000 unreliable-los auto shutdown ! interface Ethernet56 mtu 9100 speed 100000 unreliable-los auto shutdown ! interface Ethernet60 mtu 9100 speed 100000 unreliable-los auto shutdown ! interface Ethernet64 mtu 9100 speed 100000 unreliable-los auto shutdown ! interface Ethernet68 mtu 9100 speed 100000 unreliable-los auto shutdown ! interface Ethernet72 mtu 9100 speed 100000 unreliable-los auto shutdown ! interface Ethernet76 mtu 9100 speed 100000 unreliable-los auto shutdown ! route-map import_external_map permit 100 match evpn vni 555 ! ip route vrf Vrf_internet1 0.0.0.0/0 100.64.88.1 track 8 ! router bgp 65000 vrf Vrf_internet1 log-neighbor-changes timers 60 180 ! address-family ipv4 unicast redistribute connected redistribute static maximum-paths 16 maximum-paths ibgp 16 ! address-family l2vpn evpn advertise ipv4 unicast route-target import 65000:999000 route-target export auto dup-addr-detection ! router bgp 65000 vrf Vrf_tenant1 log-neighbor-changes timers 60 180 ! address-family ipv4 unicast maximum-paths 16 maximum-paths ibgp 16 import vrf Vrf_internet1 ! address-family l2vpn evpn advertise ipv4 unicast route-target import 65000:555 route-target both auto route-target import 65000:888 dup-addr-detection ! router bgp 65000 router-id 192.168.55.4 log-neighbor-changes timers 60 180 ! address-family ipv4 unicast maximum-paths 1 maximum-paths ibgp 1 ! address-family l2vpn evpn advertise-all-vni dup-addr-detection ! neighbor 192.168.99.1 remote-as 65000 update-source interface Loopback 0 ! address-family l2vpn evpn activate ! neighbor 192.168.99.2 remote-as 65000 update-source interface Loopback 0 ! address-family l2vpn evpn activate ! router ospf ospf router-id 192.168.55.4 passive-interface default area 0.0.0.0 no passive-interface Ethernet0 no passive-interface Ethernet1 no passive-interface Ethernet2 ! interface vxlan vtep1 source-ip 192.168.55.4 qos-mode pipe dscp 0 map vni 888 vlan 888 map vni 10000 vlan 10 map vni 999000 vlan 999 map vni 888 vrf Vrf_internet1 map vni 999000 vrf Vrf_tenant1 ! class-map class-oob-arp match-type fields match-all match ethertype arp ! class-map class-oob-dhcp-client match-type fields match-all match ethertype ip match ip protocol udp match destination-port eq 68 ! class-map class-oob-dhcp-server match-type fields match-all match ethertype ip match ip protocol udp match destination-port eq 67 ! class-map class-oob-ip-multicast match-type fields match-all match ethertype ip match destination-address ip 224.0.0.0/4 ! class-map class-oob-ipv6-multicast match-type fields match-all match ethertype 0x86DD match destination-address ipv6 ff00::/8 ! class-map copp-system-arp match-type copp match protocol arp_req match protocol arp_resp match protocol neigh_discovery ! class-map copp-system-bfd match-type copp match protocol bfd match protocol bfdv6 ! class-map copp-system-bgp match-type copp match protocol bgp match protocol bgpv6 ! class-map copp-system-dhcp match-type copp match protocol dhcp match protocol dhcpv6 ! class-map copp-system-dhcpl2 match-type copp match protocol dhcp_l2 match protocol dhcpv6_l2 ! class-map copp-system-iccp match-type copp match protocol iccp ! class-map copp-system-icmp match-type copp match protocol icmp match protocol icmpv6 ! class-map copp-system-igmp match-type copp match protocol igmp_query ! class-map copp-system-ip2me match-type copp match protocol ip2me ! class-map copp-system-ipmc match-type copp match protocol known_l3_mc ! class-map copp-system-ipmc-unknown match-type copp match protocol unknown_l3_mc ! class-map copp-system-lacp match-type copp match protocol lacp ! class-map copp-system-lldp match-type copp match protocol lldp ! class-map copp-system-mtu match-type copp match protocol l3_mtu_error ! class-map copp-system-nat match-type copp match protocol src_nat_miss match protocol dest_nat_miss ! class-map copp-system-ospf match-type copp match protocol ospf ! class-map copp-system-pim match-type copp match protocol pim ! class-map copp-system-ptp match-type copp match protocol ptp ! class-map copp-system-sflow match-type copp match protocol sample_packet ! class-map copp-system-stp match-type copp match protocol stp match protocol pvrst ! class-map copp-system-subnet match-type copp match protocol subnet ! class-map copp-system-suppress match-type copp match protocol arp_suppress match protocol nd_suppress ! class-map copp-system-ttl match-type copp match protocol ttl_error ! class-map copp-system-udld match-type copp match protocol udld ! class-map copp-system-vrrp match-type copp match protocol vrrp match protocol vrrpv6 ! class-map default match-type any ! copp-action copp-system-arp set trap-action copy set trap-queue 10 set trap-priority 10 police cir 3000 cbs 3000 police meter-type pps police mode sr_tcm red drop ! copp-action copp-system-bfd set trap-action trap set trap-queue 20 set trap-priority 20 police cir 2000 cbs 2000 police meter-type pps police mode sr_tcm red drop ! copp-action copp-system-bgp set trap-action trap set trap-queue 14 set trap-priority 14 police cir 10000 cbs 10000 police meter-type pps police mode sr_tcm red drop ! copp-action copp-system-dhcp set trap-action trap set trap-queue 9 set trap-priority 9 police cir 300 cbs 300 police meter-type pps police mode sr_tcm red drop ! copp-action copp-system-iccp set trap-action trap set trap-queue 16 set trap-priority 16 police cir 5000 cbs 5000 police meter-type pps police mode sr_tcm red drop ! copp-action copp-system-icmp set trap-action trap set trap-queue 8 set trap-priority 8 police cir 1000 cbs 1000 police meter-type pps police mode sr_tcm red drop ! copp-action copp-system-igmp set trap-action trap set trap-queue 12 set trap-priority 12 police cir 2000 cbs 2000 police meter-type pps police mode sr_tcm red drop ! copp-action copp-system-ip2me set trap-action trap set trap-queue 7 set trap-priority 7 police cir 6000 cbs 6000 police meter-type pps police mode sr_tcm red drop ! copp-action copp-system-ipmc set trap-action copy set trap-queue 2 set trap-priority 2 police cir 600 cbs 600 police meter-type pps police mode sr_tcm red drop ! copp-action copp-system-ipmc-unknown set trap-action copy set trap-queue 1 set trap-priority 1 police cir 100 cbs 100 police meter-type pps police mode sr_tcm red drop ! copp-action copp-system-lacp set trap-action trap set trap-queue 23 set trap-priority 23 police cir 500 cbs 500 police meter-type pps police mode sr_tcm red drop ! copp-action copp-system-lldp set trap-action trap set trap-queue 18 set trap-priority 18 police cir 500 cbs 500 police meter-type pps police mode sr_tcm red drop ! copp-action copp-system-mtu set trap-action trap set trap-queue 4 set trap-priority 4 police cir 500 cbs 500 police meter-type pps police mode sr_tcm red drop ! copp-action copp-system-nat set trap-action trap set trap-queue 5 set trap-priority 5 police cir 300 cbs 300 police meter-type pps police mode sr_tcm red drop ! copp-action copp-system-ospf set trap-action copy set trap-queue 15 set trap-priority 15 police cir 5000 cbs 5000 police meter-type pps police mode sr_tcm red drop ! copp-action copp-system-pim set trap-action trap set trap-queue 13 set trap-priority 13 police cir 5000 cbs 5000 police meter-type pps police mode sr_tcm red drop ! copp-action copp-system-ptp set trap-action trap set trap-queue 30 set trap-priority 30 police cir 5000 cbs 5000 police meter-type pps police mode sr_tcm red drop ! copp-action copp-system-sflow set trap-action trap set trap-queue 3 set trap-priority 3 police cir 8000 cbs 8000 police meter-type pps police mode sr_tcm red drop ! copp-action copp-system-stp set trap-action trap set trap-queue 21 set trap-priority 21 police cir 16000 cbs 16000 police meter-type pps police mode sr_tcm red drop ! copp-action copp-system-subnet set trap-action trap set trap-queue 6 set trap-priority 6 police cir 2000 cbs 2000 police meter-type pps police mode sr_tcm red forward ! copp-action copp-system-suppress set trap-action trap set trap-queue 11 set trap-priority 11 police cir 3000 cbs 3000 police meter-type pps police mode sr_tcm red drop ! copp-action copp-system-ttl set trap-action trap set trap-queue 0 set trap-priority 0 police cir 100 cbs 100 police meter-type pps police mode sr_tcm red drop ! copp-action copp-system-udld set trap-action trap set trap-queue 22 set trap-priority 22 police cir 500 cbs 500 police meter-type pps police mode sr_tcm red drop ! copp-action copp-system-vrrp set trap-action trap set trap-queue 17 set trap-priority 17 police cir 500 cbs 500 police meter-type pps police mode sr_tcm red drop ! copp-action default set trap-queue 0 police cir 100 cbs 100 police meter-type pps police mode sr_tcm red drop ! policy-map copp-system-policy type copp class default priority 0 set copp-action default ! class copp-system-vrrp priority 0 set copp-action copp-system-vrrp ! class copp-system-udld priority 0 set copp-action copp-system-udld ! class copp-system-ttl priority 0 set copp-action copp-system-ttl ! class copp-system-suppress priority 0 set copp-action copp-system-suppress ! class copp-system-subnet priority 0 set copp-action copp-system-subnet ! class copp-system-stp priority 0 set copp-action copp-system-stp ! class copp-system-sflow priority 0 set copp-action copp-system-sflow ! class copp-system-ptp priority 0 set copp-action copp-system-ptp ! class copp-system-pim priority 0 set copp-action copp-system-pim ! class copp-system-ospf priority 0 set copp-action copp-system-ospf ! class copp-system-nat priority 0 set copp-action copp-system-nat ! class copp-system-mtu priority 0 set copp-action copp-system-mtu ! class copp-system-lldp priority 0 set copp-action copp-system-lldp ! class copp-system-lacp priority 0 set copp-action copp-system-lacp ! class copp-system-ipmc-unknown priority 0 set copp-action copp-system-ipmc-unknown ! class copp-system-ipmc priority 0 set copp-action copp-system-ipmc ! class copp-system-ip2me priority 0 set copp-action copp-system-ip2me ! class copp-system-igmp priority 0 set copp-action copp-system-igmp ! class copp-system-icmp priority 0 set copp-action copp-system-icmp ! class copp-system-iccp priority 0 set copp-action copp-system-iccp ! class copp-system-dhcpl2 priority 0 set copp-action copp-system-dhcp ! class copp-system-dhcp priority 0 set copp-action copp-system-dhcp ! class copp-system-bgp priority 0 set copp-action copp-system-bgp ! class copp-system-bfd priority 0 set copp-action copp-system-bfd ! class copp-system-arp priority 0 set copp-action copp-system-arp ! ! policy-map oob-qos-policy type qos description "QoS Ratelimiting policy for OOB port" class class-oob-dhcp-client priority 1020 police cir 512000 ! class class-oob-dhcp-server priority 1015 police cir 512000 ! class class-oob-arp priority 1010 police cir 256000 ! class class-oob-ipv6-multicast priority 1005 police cir 256000 ! class class-oob-ip-multicast priority 1000 police cir 256000 ! ! ip sla 8 frequency 1 icmp-echo 100.64.88.1 source-vrf Vrf_internet1