Enhancements for Control Plane Traffic Protection

This enhancement to Control Plane Traffic Protection (CPTP) provides 44 queues to further strengthen CPU protection and limit the traffic going to the CPU. Currently, only 8 Class of Service (CoS) queues are supported for flow control on a physical port. Each traffic class with a CPU destination has a separate vFlow. All system vFlows with the parameter to-cpu or copy-to-cpu now have an additional cpu-cos value.

CLI network-admin@Leaf1 > cpu-class-show

switch   name          scope rate-limit queue
-------- ------------- ----- ---------- -----
Spine1   stp           local 1000       8
Spine1   lacp          local 1000       9
Spine1   system-d      local 1000       10
Spine1   igmp          local 1000       11
Spine1   bcast         local 1000       12
Spine1   icmpv6        local 1000       13
Spine1   tcp-analytics local 1000       14
Spine1   fabric        local 1000       15
Spine1   kpalv         local 1000       16
Spine1   ecp           local 1000       17
Spine1   arp           local 1000       18
Spine1   lldp          local 1000       19
Spine1   vport-stats   local 1000       20
Spine1   dhcp          local 1000       21
Spine1   pim           local 1000       22
Spine1   local-subnet  local 1000       23
Spine1   bgp           local 1000       24
Spine1   ospf          local 1000       25

Each listed class has its own CoS queue; for example, all DHCP traffic uses queue 21. CoS 0-7 are reserved CPU queues. Any traffic not in one of the listed classes uses queue 0.

Netvisor OS assigns a default rate-limit of 1000 to each queue, but you can modify the rate using the following syntax:

CLI network-admin@Leaf1 > cpu-class-modify cpu-class-name DHCP rate-limit 2000

You must restart Netvisor OS for the change to take effect on the switch. If you are modifying several traffic classes, make all of the changes at one time and then reboot the switch once.

Configuring User-defined Classes

1. Create a CPU class and specify the rate-limit:

CLI network-admin@Leaf1 > cpu-class-create name ftp rate 1000

Netvisor OS assigns a CoS class to the new CPU class.

2. Display the CPU class configuration:

CLI network-admin@Leaf1 > cpu-class-show name ftp

name    queue   rate
-----   -----   -----
ftp     17      1000

3. You can now create a vFlow using the ftp class:

CLI network-admin@Leaf1 > vflow-create name ftp scope local proto ftp cpu-class ftp action copy-to-cpu

The cpu-class parameter is only valid if the action copy-to-cpu or to-cpu is specified.

You can also display statistics for each vFlow using the cpu-cos-stats-show command:

CLI network-admin@Leaf1 > cpu-cos-stats-show

switch   name          cos out-pkts drop-pkts
-------- ------------- --- -------- ---------
Spine1   class0        0   0        0
Spine1   class1        1   0        0
Spine1   class2        2   0        0
Spine1   class3        3   0        0
Spine1   class4        4   0        0
Spine1   class5        5   0        0
Spine1   class6        6   0        0
Spine1   class7        7   0        0
Spine1   stp           8   298K     0
Spine1   lacp          9   0        0
Spine1   system-d      10  0        0
Spine1   igmp          11  35.1K    0
Spine1   bcast         12  0        0
Spine1   icmpv6        13  0        0
Spine1   tcp-analytics 14  0        0
Spine1   fabric        15  5.02K    0
Spine1   kpalv         16  75.4K    0
Spine1   ecp           17  0        0
Spine1   arp           18  3.02K    0
Spine1   lldp          19  15.1K    0
Spine1   vport-stats   20  0        0
Spine1   dhcp          21  0        0
Spine1   pim           22  0        0
Spine1   local-subnet  23  31.0K    0
Spine1   bgp           24  0        0
Spine1   ospf          25  0        0
Spine1   ftp           26  0        0
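
The following Python script is an added example, not part of the Netvisor OS documentation or tooling: it parses saved cpu-cos-stats-show text and lists the classes whose queues are dropping packets, worst first, so a flooded or under-provisioned CPU class stands out. It assumes the K/M/G counter suffixes are decimal multipliers and that out-pkts and drop-pkts are separate counts; the sample rows with drops are constructed.

```python
"""Flag CPU CoS queues that are dropping packets, from cpu-cos-stats-show text."""

# Assumption: K/M/G suffixes in the counters are decimal multipliers.
_SUFFIX = {"K": 1e3, "M": 1e6, "G": 1e9}

def parse_count(text):
    """Convert a counter such as '298K' or '35.1K' to an integer."""
    text = text.strip().upper()
    if text and text[-1] in _SUFFIX:
        return int(round(float(text[:-1]) * _SUFFIX[text[-1]]))
    return int(text)

def parse_stats(output):
    """Return a list of dicts, one per data row of cpu-cos-stats-show."""
    rows = []
    for line in output.splitlines():
        fields = line.split()
        # Skip blanks, the header row and the dashed separator.
        if len(fields) != 5 or fields[0] == "switch" or set(fields[0]) == {"-"}:
            continue
        switch, name, cos, out_pkts, drop_pkts = fields
        rows.append({"switch": switch, "name": name, "cos": int(cos),
                     "out": parse_count(out_pkts), "drop": parse_count(drop_pkts)})
    return rows

def dropping_classes(rows, min_ratio=0.0):
    """Classes with drops as (switch, name, cos, drop ratio), worst first."""
    hits = []
    for r in rows:
        # Assumption: out-pkts excludes dropped packets, so total = out + drop.
        total = r["out"] + r["drop"]
        if r["drop"] > 0 and r["drop"] / total >= min_ratio:
            hits.append((r["switch"], r["name"], r["cos"], round(r["drop"] / total, 3)))
    return sorted(hits, key=lambda h: h[3], reverse=True)

# Constructed sample: same layout as the output above, drop counts invented.
SAMPLE = """\
switch   name          cos out-pkts drop-pkts
-------- ------------- --- -------- ---------
Spine1   class0        0   1.20K    4.80K
Spine1   stp           8   298K     0
Spine1   arp           18  3.02K    12
Spine1   dhcp          21  0        0
"""

if __name__ == "__main__":
    for switch, name, cos, ratio in dropping_classes(parse_stats(SAMPLE)):
        print(f"{switch} {name} (cos {cos}): {ratio:.1%} of packets dropped")
```

Drops on class0 are worth particular attention, since queue 0 carries all traffic that matches none of the listed classes.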