Security
7450 ESS System Mangement Guide Page 223
Default rate packets max within 1
Parameters packets|kbps — specifies that the rate is either in units of packets per interval or in units of kilobits-
per-second. The packets option would typically be used for lower rates (for example, for per
subscriber DHCP rate limiting) while the kbps option would typically be used for higher rates
(for example, per interface BGP rate limiting).
ppi — Specifies packets per interval. 0..255 or max (0 = all packets are non-conformant)
• rate of max=effectively disable the policier (always conformant)
• rate of packets 0 = all packets considered non-conformant.
within seconds — Specifies the length of the ppi rate measurement interval.
Values 1..32767
initial-delay packets — The number of packets allowed (even at line rate) in an initial burst (or a
burst after the policer bucket has drained to zero) in addition to the normal “ppi”. This would
typically be set to a value that is equal to the number of received packets in several full
handshakes/negotiations of the particular protocol.
Values 1..255
kbps kilobits-per-second —
Values 1..20000000|max max = This effectively disable the policer (always conformant).
mbs — =The tolerance for the kbps rate
Values 0..4194304. A configured mbs of 0 will cause all packets to be considered non-
conformant.
bytes|kilobytes — Specifies that the units of the mbs size parameter are either in bytes or kilobytes.
Default The default mbs sets the mbs to 10ms of the kbps.
detection-time
Syntax detection-time seconds
Context config>system>security>dist-cpu-protection>policy>static-policer
Description When a policer is declared as in an “exceed” state, it will remain as exceeding until a contiguous con-
formant period of detection-time passes. The detection-time only starts after the exceed-action hold-
down is complete. If the policer detects another exceed during the detection count down then a hold-
down is once again triggered before the policer re-enters the detection time (that is, the countdown
timer starts again at the configured value). During the hold-down (and the detection-time), the policer
is considered as in an “exceed” state.
Default 30
Parameters seconds — Specifies in seconds.
Values 1..128000
To Next Page
Loading...
