EasyManua.ls Logo

Alcatel-Lucent 7450 - Page 217

Alcatel-Lucent 7450
554 pages
Save Page as PDF
Print Icon
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Security
7450 ESS System Mangement Guide Page 217
Parameters packet-rate-limit — Specifies a packet arrival rate limit in packets per second.
Values 1 — 65535, max (max indicates no limit)
log-events — issues a tmnxCpmProtViolSapOutProf, tmnxCpmProtViolIfOutProf, or
tmnxCpmProtViolSdpBindOutProf log event and tracks violating interfaces when the out-
profile-rate is exceeded. Supported on CPM3 and above only.
overall-rate
Syntax overall-rate packet-rate-limit
no overall-rate
Context config>sys>security>cpu-protection>policy
Description This command applies a maximum packet arrival rate limit (applied per SAP/interface) for the entire
SAP/interface, above which packets will be discarded immediately. The rate defined is a global rate
limit for the interface regardless of how many traffic flows are present on the SAP/interface. It is a
per-SAP/interface rate.
The no form of the command sets overall-rate parameter back to the default value.
Default max for cpu-protection-policy-id 1 — 253
6000 for cpu-protection-policy-id 254 (default access interface policy)
max for cpu-protection-policy-id 255 (default network interface policy)
Parameters packet-rate-limit — Specifies a packet arrival rate limit in packets per second.
Values 1 — 65535, max (max indicates no limit)
per-source-rate
Syntax per-source-rate packet-rate-limit
no per-source-rate
Context config>sys>security>cpu-protection>policy
Description This command configures a per-source packet arrival rate limit. Use this command to apply a packet
arrival rate limit on a per source basis. A source is defined as a unique combination of SAP and MAC
source address (mac-monitoring) or SAP and source IP address (ip-src-monitoring). The CPU will
receive no more than the configured packet rate from each source (only certain protocols are rate lim-
ited for ip-src-monitoring as configured under ‘include-protocols’ in the cpu protection policy). The
measurement is cleared each second.
This parameter is only applicable if the policy is assigned to an interface (some examples include
saps, subscriber-interfaces, and spoke-sdps), and the mac-monitor or ip-src-monitor keyword is
specified in the cpu-protection configuration of that interface.
The ip-src-monitoring is useful in subscriber management architectures that have routers between the
subscriber and the BNG (router). In layer-3 aggregation scenarios, all packets from all subscribers

Table of Contents

Other manuals for Alcatel-Lucent 7450

Preview: Quality Of Service Guide
Quality Of Service Guide912 pages
Preview: Guide
Guide816 pages
Preview: Configuration Guide
Configuration Guide778 pages
Preview: Basic System Configuration Guide
Basic System Configuration Guide576 pages
Preview: Brochure
Brochure12 pages

Related product manuals