Topic: Cisco 400-007 topic 1 question 19

Which two control plane policer designs must be considered to achieve high availability? (Choose two.)

A.
Control plane policers are really needed only on externally facing devices.
B.
Control plane policers can cause the network management systems to create false alarms.
C.
Control plane policers require that adequate protocols overhead are factored in to allow protocol convergence.
D.
Control plane policers must be processed before a forwarding decision is made.
E.
Control plane policers are enforced in hardware to protect the software path, but they are hardware platform-dependent in terms of classification ability.

Re: Cisco 400-007 topic 1 question 19

Change my answer to DE.
https://www.cisco.com/c/en/us/td/docs/routers/asr920/configuration/guide/qos/17-1-1/b-qos-plcshp-xe-17-1-asr920.pdf
control Protocols are already protected and have highest priority because they have the critical insert bit set which places them into the hidden system interface queue.  This queue is processed before anything else.

Re: Cisco 400-007 topic 1 question 19

MLS rate limiters and hardware CoPP are egress features and applied after the forwarding decision.
https://www.cisco.com/c/en/us/td/docs/routers/7600/ios/15S/configuration/guide/7600_15_0s_book/dos.html

Re: Cisco 400-007 topic 1 question 19

Answer> CE

Re: Cisco 400-007 topic 1 question 19

Guys it is CE ! Dont think about anything else.

Re: Cisco 400-007 topic 1 question 19

D. Control plane policers must be processed before a forwarding decision is made: This is a false statement that does not describe a control plane policer design that must be considered to achieve high availability. Control plane policers are processed after a forwarding decision is made, because they are applied on the control plane interface, which is a virtual interface that represents the CPU of the device. Control plane packets are first classified and forwarded by the hardware platform based on their destination address or queue number, and then they are policed by the control plane policers before they reach the CPU

  • J_W
  • New member
  • Offline

Re: Cisco 400-007 topic 1 question 19

The other options (A, B, D) are not directly related to achieving high availability in control plane policer designs or do not provide considerations specifically for high availability.

Re: Cisco 400-007 topic 1 question 19

Changed my mind to DE
When a packet arrives at a Cisco device, it is first checked against the CoPP policies to determine whether it should be allowed to reach the control plane. If the packet is not permitted by the CoPP policies, it is either dropped or forwarded to a different location, depending on the configuration.

After the packet has passed through the CoPP policies, the device makes a forwarding decision based on the routing table and other forwarding information. This decision determines where the packet should be sent next.

By applying CoPP before the forwarding decision is made, Cisco devices can help prevent DoS attacks and other security threats that target the control plane of the device. CoPP is an important security feature for protecting the control plane and ensuring the stability and reliability of the network.

Re: Cisco 400-007 topic 1 question 19

Can't be D, On Cisco IOS Catalyst switches, CoPP comes into play right after the switching or the routing decision and before traffic is forwarded to the control plane.

https://ptgmedia.pearsoncmg.com/images/9781587143694/downloads/i9781587143694_app02.pdf

Re: Cisco 400-007 topic 1 question 19

In the context of high availability, options C and E are more relevant because they address the importance of factoring in protocol overhead for convergence and the hardware platform-dependency of control plane policers in terms of classification ability. These considerations directly impact the effectiveness and reliability of control plane policers, which, in turn, contribute to achieving high availability in a network.