ETH-CFM Ingress Squelching
Page 42 7450 ESS System Mangement Guide
ETH-CFM Ingress Squelching
CPU protection provides a granular method to control which ETH-CFM packets are
processed. As indicated in the previous section, a unique rate can be applied to ETH-CFM
packets classifying on specific MD-Level and specific OpCode and applied to both ingress
(Down MEP and ingress MIP) and egress (Up MEP and egress MIP) extraction. That function
is to protect the CPU upon extraction when a Management Point (MP) is configured.
It is also important to protect the ETH-CFM architecture deployed in the service provider
network. The protection scheme here varies form CPU protection. This model is used to
prevent ETH-CFM frames at the service provider MD-levels from gaining access to the
network even when extraction is not in place. ETH-CFM squelching allows the operator to
achieve this goal using a simple method to drop all ETH-CFM packets at or below the
configured MD-level. The ETH-CFM squelch feature is ingress only.
Figure 4 shows a typical ETH-CFM hierarchical model with a Subscriber ME (6), Test ME
(5), EVC ME (4) and an Operator ME (2). This model provides the necessary transparency at
the different levels of the architecture. For security reasons, it may be necessary to prevent
errant levels from entering the service provider network at the UNI, ENNI, or other untrusted
interconnection points. Configuring squelching at level four on both UNI-N interconnection
ensures that ETH-CFM packets matching the SAP or binding delimited configuration will
silently discard ETH-CFM packets at ingress.
Figure 4: ETH-CFM Hierarchical Model
Squelching configuration uses a single MD-level [0..7] to silently drop all ETH-CFM packets
matching the SAP or binding delimited configuration at and below the specified MD-level. In
Figure 4, a squelch level is configured at MD-level 4. This means the configuration will
silently discard MD-levels 0,1,2,3 and 4, assuming there is a SAP or binding match.
Note: Extreme caution must be used when deploying this feature.
The operator is able to configure Down MEPs and ingress MIPs that conflict with the
squelched levels. This also means that any existing MEP or MIP processing ingress CFM
packets on a SAP on Binding where a squelching policy is configured will be interrupted as
al_0398
CE
CE
5
66
6
MPLS or
Ethernet
4
3
2
1
0
4
3
2
1
0
6
5
4
22
4
To Next Page
Loading...
