The inability of Control Plane host interface to detect inbound OSPF packets (and the flurry of comments that followed my blog post) has prompted Sebastian and myself to search for more documentation and conduct further tests. Sebastian already had a working configuration from which he could infer most of the configuration rules and he also found the well-written Understanding CPPr document on CCO. Together with the tests I ran in my router lab, we're pretty confident the CPPr inbound packet classification rules are (approximately) as follows:
Use the latest 12.4T software (at least 12.4(15)T5) if you want reliable CPPr operation.
- control-plane aggregate service-policy disables any control-plane subinterface service policies.
- If you want to use the per-subinterface (host, transit and cef-exception) policies, you have to remove the inbound service policy from the control-plane aggregate path.
- Routed packets that cannot be CEF-switched (have to be punted to another switching mechanism) are classified as transit packets.
- Local multicast packets with destination IP addresses within IP prefix 220.127.116.11/24 and packets with TTL <= 1 are classified as transit packets in 12.4(15)T5. These packets will be classified as cef-exception packets in the future (see the Understanding CPPr document).
- Unicast packets without IP options addressed to the router and having TTL > 1 are classified as host packets.
- Non-IP traffic (ARP, Frame Relay keepalives, CDP ...) is classified as cef-exception.
The TTL-related rules explain why the router classifies IBGP packets as host packets and EBGP packets as transit packets. As soon as you configure neighbor ebgp-multihop on the router router, inbound EBGP packets become host packets.