Configuring Advanced Control Plane Traffic Protection
To configure this feature, you must first enable it using the system-settings-modify command. The command syntax is:
CLI (network-admin@switch) > system-settings-modify cpu-class-enable|no-cpu-class-enable
After you enable Advanced Control Plane Traffic Protection (with the cpu-class-enable option), Netvisor ONE prompts you to restart the switch.
Note: The alternative 8-queue mode described in the previous section is applied to the main control plane communication channel when system-settings-modify is set to no-cpu-class-enable.
To show the pre-configured Advanced Control Plane Traffic Protection classes, you can use the cpu-class-show command:
CLI (network-admin@switch) > cpu-class-show format all count-output
name scope rate-limit hog-protect hog-protect-support queue
------------------ ----- ---------- ----------- ------------------- -----
dmac-miss local 1000 disable none 1
smac-miss local 1000 disable none 2
l3-miss local 1000 disable none 3
ttl1 local 1000 disable none 4
stp local 1000 disable supported 5
lacp local 1000 disable supported 6
system-d local 1000 disable none 7
igmp local 1000 disable supported 8
bcast local 1000 disable none 9
icmpv6 local 1000 disable supported 10
tcp-analytics local 1000 disable none 11
kpalv local 1000 disable none 12
ecp local 1000 disable none 13
arp local 3000 disable supported 14
lldp local 1000 disable supported 15
dhcp local 1000 disable none 16
pim local 1000 disable supported 17
local-subnet local 1000 disable supported 18
bgp local 1000 disable supported 19
ospf local 1000 disable supported 20
bfd local 1000 disable supported 21
vrrp local 1000 disable supported 22
control local 3000 disable none 23
dhcp-log-drop local 1000 disable none 24
http-rest local 3000 disable none 25
vport-messages local 1000 disable supported 26
hog-arp local 100 disable none 27
hog-ospf local 100 disable none 28
hog-bgp local 100 disable none 29
hog-bfd local 100 disable none 30
hog-lacp local 100 disable none 31
hog-stp local 100 disable none 32
hog-vrrp local 100 disable none 33
hog-lldp local 100 disable none 34
hog-local-subnet local 100 disable none 35
hog-igmp local 100 disable none 36
hog-pim local 100 disable none 37
hog-icmpv6 local 100 disable none 38
hog-vport-messages local 100 disable none 39
Count: 39
This command shows the different categories of control plane traffic that are protected by this feature: for example, smac-miss and dmac-miss for MAC address learning as part of vPort database entry creation, or stp, lacp, and lldp for the Layer 2 protocol classes. It also shows each class's default rate-limit value (in packets per second), its queue number (0-42, where some queue numbers are unused by default), and whether or not the class supports auto-quarantine (hog-protect-support).
Auto-quarantine queues are labeled with a special name hog-<class name>, such as: hog-arp, hog-ospf, hog-bgp, hog-bfd, hog-lacp, hog-stp, hog-vrrp, hog-lldp, hog-local-subnet, hog-igmp, hog-pim, hog-icmpv6.
Note: Starting from Netvisor ONE release 5.1.0, two new queues, one for CPU-bound REST API traffic (TCP ports 80 and 443) and another for vPort database-related messages (UDP port 23398), are added with the names http-rest and vport-messages. Their default rate-limit values are 3000 pps and 1000 pps respectively. An auto-quarantine queue is added for the latter: hog-vport-messages.
Furthermore, starting from Netvisor ONE release 5.1.0, the default rate-limit values for arp and control have been conservatively lowered to 3000 pps. When upgrading to this release, existing user configuration changes are honored; however, in the absence of user-modified values, the old default values are replaced with the new, more conservative ones.
Note: The total number of CPU classes available for CPTP is limited by the hardware. In case of conflict, system-created CPU classes are prioritized over user-defined ones at bootup. Consequently, if all available classes are already in use, some user-defined classes will not persist across an upgrade when the new release adds more system classes. In such cases, users should account for any potential differences in CPTP system classes between releases when planning an upgrade.
Settings of pre-configured system classes (except the catch-all class 0) can be modified with the following command:
CLI (network-admin@switch) > cpu-class-modify
cpu-class-modify
  Modify a CPU class.
  name name-string
    Specify the name of the CPU class.
  Specify one or more of the following options:
  rate-limit rate-limit-number
    Specify the cap for the rate limit (in packets per second).
  hog-protect disable|enable|enable-and-drop
    Specify whether to enable hog protection, enable it and drop packets, or disable it.
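The cpu-class-show output above is easy to audit programmatically. The following Python script is an added example (not part of Netvisor ONE or this guide): it parses captured cpu-class-show output, flags classes that support auto-quarantine but still have hog-protect disabled, flags rate limits raised above the defaults this page documents, and emits the matching cpu-class-modify commands. The sample output and the DOCUMENTED_DEFAULTS baseline are constructed from the values on this page.

```python
# Constructed sample in the layout of the cpu-class-show output shown above.
SAMPLE_OUTPUT = """\
name scope rate-limit hog-protect hog-protect-support queue
------------------ ----- ---------- ----------- ------------------- -----
smac-miss local 1000 disable none 2
stp local 1000 disable supported 5
arp local 9000 disable supported 14
bgp local 1000 enable supported 19
control local 3000 disable none 23
hog-arp local 100 disable none 27
"""

# Baseline assumed for the audit: the 3000 pps defaults this page documents
# for arp, control and http-rest (release 5.1.0 and later).
DOCUMENTED_DEFAULTS = {"arp": 3000, "control": 3000, "http-rest": 3000}


def parse_cpu_class_show(text):
    """Turn cpu-class-show text into a list of dicts, skipping header/rule lines."""
    classes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 6 or fields[0] == "name" or fields[0].startswith("-"):
            continue
        name, scope, rate, hog, support, queue = fields
        classes.append({"name": name, "scope": scope, "rate_limit": int(rate),
                        "hog_protect": hog, "hog_support": support,
                        "queue": int(queue)})
    return classes


def audit(classes):
    """Return (class name, finding) pairs for weak CPTP settings."""
    findings = []
    for c in classes:
        if c["hog_support"] == "supported" and c["hog_protect"] == "disable":
            findings.append((c["name"], "auto-quarantine supported but hog-protect disabled"))
        default = DOCUMENTED_DEFAULTS.get(c["name"])
        if default is not None and c["rate_limit"] > default:
            findings.append((c["name"],
                             f"rate-limit {c['rate_limit']} above documented default {default}"))
    return findings


def remediation_commands(classes):
    """cpu-class-modify commands (syntax from this page) enabling hog-protect where supported."""
    return [f"cpu-class-modify name {c['name']} hog-protect enable"
            for c in classes
            if c["hog_support"] == "supported" and c["hog_protect"] == "disable"]
```

Paste the real cpu-class-show output in place of SAMPLE_OUTPUT; choose enable-and-drop instead of enable where dropping the hog's packets is the desired response.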
The Class 0 rate can instead be configured using the following command:
CLI (network-admin@switch) > port-cos-rate-setting-modify port control-port cos0-rate rate
Note: Starting from Netvisor ONE release 5.1.0, the default cos0-rate value is set to 3000 pps automatically when Advanced CPTP is enabled.