Hello,

I have read Cisco's doc about CPP and I've also read the good documentation written by John Kristoff about CPP, in which some implementation examples are included. I did some tests in our lab environment, a GSR 12410 with IOS 12.0(32)S2, but I'm not satisfied with the result.

Suppose this sample conf:

    access-list 168 permit icmp any loopback0 0.0.0.0
    access-list 169 permit any
    class-map cp-icmp
     match access-group 168
    class-map cp-default
     match access-group 169
    policy-map cp-traffic
     class cp-icmp
      police 8000 conform-action transmit exceed-action drop
     class cp-default
      priority
    control-plane
     service-policy input cp-traffic

Then I ping the loopback0 from a host or a router, and I noticed that the policy takes effect only if I set an MTU or packet size > 1500 (in fact 1480, so with the standard IP header it is always 1500). In fact, if I issue the sh policy-map control-plane with a small packet size, all traffic seems to be matched by the cp-default class:

    Service-policy input: cp-traffic (225)

      Class-map: cp-icmp (match-all) (4925921/1)
        0 packets, 0 bytes
        5 minute offered rate 0 bps, drop rate 0 bps
        Match: access-group 168 (15210210)
        police:
          cir 8000 bps, bc 4470 bytes
          conformed 0 packets, 0 bytes; actions: transmit
          exceeded 0 packets, 0 bytes; actions: drop
          conformed 0 bps, exceed 0 bps

      Class-map: cp-default (match-all) (14530241/2)
        151 packets, 11967 bytes
        5 minute offered rate 2000 bps, drop rate 0 bps
        Match: access-group 3 (1872818)

      Class-map: class-default (match-any) (9318433/0)
        3149 packets, 333931 bytes
        5 minute offered rate 1000 bps, drop rate 0 bps
        Match: any (4397474)

Instead, with a greater size:

      Class-map: cp-icmp (match-all) (4925921/1)
        22 packets, 16896 bytes
        5 minute offered rate 2000 bps, drop rate 0 bps
        Match: access-group 168 (15210210)
        police:
          cir 8000 bps, bc 4470 bytes
          conformed 20 packets, 13888 bytes; actions: transmit
          exceeded 2 packets, 3008 bytes; actions: drop
          conformed 2000 bps, exceed 0 bps

Is there anyone with some idea, or anyone that can share experience with me?

Thanks

Gianluca
Italy
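The counters quoted in the post can be compared mechanically between test runs. The following is an added example, not part of the original message: it parses `show policy-map control-plane` text and lists policed classes that matched nothing while other classes were counting traffic. The function names are hypothetical, and the sample's line breaks and indentation are constructed around the numbers quoted in the post.

```python
import re

# Constructed sample: line layout assumed, counters copied from the small-packet output in the post.
SAMPLE = """\
Service-policy input: cp-traffic (225)
  Class-map: cp-icmp (match-all) (4925921/1)
    0 packets, 0 bytes
    5 minute offered rate 0 bps, drop rate 0 bps
    Match: access-group 168 (15210210)
    police:
      cir 8000 bps, bc 4470 bytes
      conformed 0 packets, 0 bytes; actions: transmit
      exceeded 0 packets, 0 bytes; actions: drop
      conformed 0 bps, exceed 0 bps
  Class-map: cp-default (match-all) (14530241/2)
    151 packets, 11967 bytes
    Match: access-group 3 (1872818)
  Class-map: class-default (match-any) (9318433/0)
    3149 packets, 333931 bytes
    Match: any (4397474)
"""

CLASS_RE = re.compile(r"Class-map:\s+(\S+)")
COUNT_RE = re.compile(r"^(\d+) packets, (\d+) bytes$")
POLICE_RE = re.compile(r"^(conformed|exceeded) (\d+) packets, (\d+) bytes")

def parse_policy_map(text):
    """Return {class_name: {"packets", "bytes", "match", "conformed", "exceeded"}}."""
    classes, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := CLASS_RE.match(line)):
            cur = classes.setdefault(m.group(1), {"packets": 0, "bytes": 0, "match": None})
        elif cur is None:
            continue  # header lines before the first class
        elif (m := COUNT_RE.match(line)):
            cur["packets"], cur["bytes"] = int(m.group(1)), int(m.group(2))
        elif (m := POLICE_RE.match(line)):
            cur[m.group(1)] = int(m.group(2))  # policer packet counters only, not the bps line
        elif line.startswith("Match:"):
            cur["match"] = line[len("Match:"):].strip()
    return classes

def idle_policed_classes(classes):
    """Policed classes that matched nothing while some other class counted packets."""
    busy = any(c["packets"] for c in classes.values())
    return [n for n, c in classes.items() if "conformed" in c and c["packets"] == 0 and busy]
```

The `match` field is kept so that the access group each class reports can be compared with the one in the configuration.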