CPU Protection Commands
Page 218 7450 ESS System Management Guide
behind the same aggregation router will arrive with the same source MAC address and as such the
mac-monitoring functionality cannot differentiate traffic from different subscribers.
Default max, no limit
Parameters packet-rate-limit — Specifies a per-source packet (per SAP/MAC source address or per SAP/IP
source address) arrival rate limit in packets per second.
Values 1 — 65535, max (max indicates no limit)
port-overall-rate
Syntax port-overall-rate packet-rate-limit [low-action-priority]
no port-overall-rate
Context config>sys>security>cpu-protection
Description This command configures a per-port overall rate limit for CPU protection.
Parameters packet-rate-limit — Specifies an overall per-port packet arrival rate limit in packets per second.
Values 1 — 65535, max (indicates no limit)
action-low-priority — Marks packets that exceed the rate as low-priority (for preferential discard
later if there is congestion in the control plane) instead of discarding them immediately.
Default max
protocol-protection
Syntax protocol-protection [allow-sham-links] [block-pim-tunneled]
no protocol-protection
Context config>sys>security>cpu-protection
Description This command causes the network processor on the CPM to discard all packets received for protocols
that are not configured on the particular interface. This helps mitigate DoS attacks by filtering invalid
control traffic before it hits the CPU. For example, if an interface does not have IS-IS configured,
then protocol protection will discard any IS-IS packets received on that interface.
Default no protocol-protection
Parameters allow-sham-links — Allows sham links. As OSPF sham links form an adjacency over the
MPLS-VPRN backbone network, when protocol-protection is enabled, the tunneled OSPF packets to be
received over the backbone network must be explicitly allowed.
block-pim-tunneled — Blocks extraction and processing of PIM packets arriving at the SR-OS
node inside a tunnel (for example, MPLS or GRE) on a network interface. With
protocol-protection enabled and tunneled PIM blocked, PIM in an mVPN on the egress DR will not
switch traffic from the (*,G) to the (S,G) tree.
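
The following Python model is an added example, not code from this guide or from the router software. It shows how protocol-protection and port-overall-rate (with and without action-low-priority) change the fate of a burst of control packets. Assumptions: a fixed one-second counting window per port, protocol filtering applied before rate counting, and constructed port, interface and traffic values.

```python
from collections import Counter, defaultdict

MAX = None  # models the "max" keyword: no limit

def classify(packets, configured, protocol_protection=False,
             port_overall_rate=MAX, action_low_priority=False):
    """Return one verdict per packet, in arrival order.

    packets: (time_s, port, interface, protocol) tuples sorted by time.
    configured: interface name -> set of protocols configured on it.
    """
    counted = defaultdict(int)  # (port, whole second) -> packets counted so far
    verdicts = []
    for time_s, port, iface, proto in packets:
        # protocol-protection: discard protocols not configured on the interface.
        if protocol_protection and proto not in configured.get(iface, set()):
            verdicts.append("discard-protocol")
            continue
        # port-overall-rate: assumed fixed one-second window per port.
        key = (port, int(time_s))
        counted[key] += 1
        if port_overall_rate is not MAX and counted[key] > port_overall_rate:
            # action-low-priority marks the excess instead of discarding it.
            verdicts.append("low-priority" if action_low_priority else "discard-rate")
        else:
            verdicts.append("accept")
    return verdicts

# Constructed sample: which protocols are configured on which interface.
CONFIGURED = {"to-cust": {"bgp"}, "to-core": {"ospf"}}

def sample_packets():
    """Constructed traffic: IS-IS burst on an interface without IS-IS, then BGP."""
    pkts = [(0.01 * i, "1/1/2", "to-cust", "isis") for i in range(5)]
    pkts += [(0.10 + 0.01 * i, "1/1/2", "to-cust", "bgp") for i in range(6)]
    pkts += [(0.20 + 0.01 * i, "1/1/1", "to-core", "ospf") for i in range(2)]
    return pkts

def summarize(**settings):
    """Count (protocol, verdict) pairs for the sample traffic under given settings."""
    pkts = sample_packets()
    verdicts = classify(pkts, CONFIGURED, **settings)
    return Counter(zip((p[3] for p in pkts), verdicts))

if __name__ == "__main__":
    print(summarize())                                   # defaults: max, no protocol-protection
    print(summarize(port_overall_rate=4))                # IS-IS burst uses up the port budget
    print(summarize(protocol_protection=True, port_overall_rate=4))
    print(summarize(protocol_protection=True, port_overall_rate=4,
                    action_low_priority=True))
```

With the rate limit alone, the unconfigured IS-IS burst consumes the port's budget and all six BGP packets are discarded; with protocol-protection enabled, the IS-IS packets are dropped first and only the BGP excess is rate-limited.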