By default, the system does not associate a DCP policy with a SAP. The user must configure an explicit policy to enable DCP for a SAP for a supported protocol. Allocate resources for the DCP policy from the ingress internal TCAM resource pool by using the configure>system>resource-profile>ingress-internal-tcam>cpu-protection command. See the 7210 SAS-Mxp, R6, R12, S, Sx, T Basic System Configuration Guide for more information about this command.
The DCP functionality is not enabled on the service objects by default. Use the dist-cpu-protection command in the config>service context to enable the DCP functionality on service objects. The no form of the command disables the DCP functionality on service objects.
DCP policies can be applied to the following types of objects:
IES SAP
VPRN SAP
RVPLS SAP
For RVPLS, DCP rate-limits the packets arriving at the CPU, but for flooded traffic, ingress QoS or ACLs must be used.
Control packets that are extracted in an IES or a VPRN service, where the packets arrived into the node over a VPLS SAP (that is, R-VPLS scenario), will use the DCP policy and policer instances associated with the VPLS SAP. In this case, a DCP policy created for VPLS SAPs, for VPLSs that have a Layer 3 interface bound to them (R-VPLS), may have protocols such as ARP configured in the policy.