Netvisor’s CPU Control Packet Processing Protection feature allows the CPU control packet processing path be protected against misbehaving and malicious hosts or end-points that may flood control protocol packets. This is also called “CPU hog protection”.

If a host floods a control protocol packet, it floods the to-cpu queue. This prevents lower-rate packets from valid senders from reaching Netvisor, resulting in traffic loss for those hosts. Typically a traffic loss occurs for other hosts on the network. Netvisor can process large streams of both valid and malformed protocol packets for various protocols.

Syntax   cpu-class-modify


name name-string

Specify a name for the CPU class.

scope local|fabric

Specify the scope as local or fabric.

rate-limit rate-limit-number

Specify the cap for the rate limit.

hog-protect disable|enable|enable-and-drop

Specify if you want to enable, enable and drop packets, or disable hog protection.

Defaults   None

Access   Network Administrator

History   Command introduced in Version 2.6.0.

Usage   Use this command to modify CPU protection.

Examples  To modify a CPU protection class for the local subnet to rate limit 1000, use the following syntax:

CLI network-admin@switch > cpu-class-modify name local-subnet rate-limit 1000

See Also