cpu-class-create
Netvisor’s CPU Control Packet Processing Protection feature allows the CPU control packet processing path to be protected against misbehaving and malicious hosts or endpoints that may flood control protocol packets. This is also called “CPU hog protection”.
If a host floods a control protocol packet, it floods the to-cpu queue. This prevents lower-rate packets from valid senders from reaching Netvisor, resulting in traffic loss for those hosts. Typically a traffic loss occurs for other hosts on the network. Netvisor can process large streams of both valid and malformed protocol packets for various protocols.
Syntax cpu-class-create
name name-string | Specify a name for the CPU class.
scope local|fabric | Specify the scope as local or fabric.
rate-limit rate-limit-number | Specify the cap for the rate limit.
hog-protect disable|enable|enable-and-drop | Specify if you want to enable, enable and drop packets, or disable hog protection.
Defaults None
Access Network Administrator
History Command introduced in Version 2.6.0.
Usage Use this command to create CPU protection.
Examples To create a CPU protection class for the local subnet, use the following syntax:
CLI network-admin@switch > cpu-class-create name local-subnet scope local rate-limit 100 hog-protect enable-and-drop
cpu-class-delete
Netvisor’s CPU Control Packet Processing Protection feature allows the CPU control packet processing path to be protected against misbehaving and malicious hosts or endpoints that may flood control protocol packets. This is also called “CPU hog protection”.
If a host floods a control protocol packet, it floods the to-cpu queue. This prevents lower-rate packets from valid senders from reaching Netvisor, resulting in traffic loss for those hosts. Typically a traffic loss occurs for other hosts on the network. Netvisor can process large streams of both valid and malformed protocol packets for various protocols.
Syntax cpu-class-delete
name name-string | Specify a name for the CPU class.
Defaults None
Access Network Administrator
History Command introduced in Version 2.6.0.
Usage Use this command to delete CPU protection.
Examples To delete a CPU protection class for the local subnet, use the following syntax:
CLI network-admin@switch > cpu-class-delete name local-subnet
cpu-class-modify
Netvisor’s CPU Control Packet Processing Protection feature allows the CPU control packet processing path to be protected against misbehaving and malicious hosts or endpoints that may flood control protocol packets. This is also called “CPU hog protection”.
If a host floods a control protocol packet, it floods the to-cpu queue. This prevents lower-rate packets from valid senders from reaching Netvisor, resulting in traffic loss for those hosts. Typically a traffic loss occurs for other hosts on the network. Netvisor can process large streams of both valid and malformed protocol packets for various protocols.
Syntax cpu-class-modify
name name-string | Specify a name for the CPU class.
scope local|fabric | Specify the scope as local or fabric.
rate-limit rate-limit-number | Specify the cap for the rate limit.
hog-protect disable|enable|enable-and-drop | Specify if you want to enable, enable and drop packets, or disable hog protection.
Defaults None
Access Network Administrator
History Command introduced in Version 2.6.0.
Usage Use this command to modify CPU protection.
Examples To modify a CPU protection class for the local subnet to rate limit 1000, use the following syntax:
CLI network-admin@switch > cpu-class-modify name local-subnet rate-limit 1000
cpu-class-show
Netvisor’s CPU Control Packet Processing Protection feature allows the CPU control packet processing path to be protected against misbehaving and malicious hosts or endpoints that may flood control protocol packets. This is also called “CPU hog protection”.
If a host floods a control protocol packet, it floods the to-cpu queue. This prevents lower-rate packets from valid senders from reaching Netvisor, resulting in traffic loss for those hosts. Typically a traffic loss occurs for other hosts on the network. Netvisor can process large streams of both valid and malformed protocol packets for various protocols.
Syntax cpu-class-show
name name-string | Displays the name for the CPU class.
scope local|fabric | Displays the scope as local or fabric.
rate-limit rate-limit-number | Displays the cap for the rate limit.
hog-protect disable|enable|enable-and-drop | Displays whether hog protection is enabled, enabled with packet drop, or disabled.
hog-protect-support| | Displays if hog protection is supported or not.
queue queue-number | Displays the queue number.
Defaults None
Access Network Administrator
History Command introduced in Version 2.6.0.
Usage Use this command to display information about CPU class configurations.
Examples To display CPU class configurations, use the following syntax:
CLI network-admin@switch > cpu-class-show
switch name scope rate-limit hog-protect hog-protect-support queue
---------- ---------------- ----- ---------- ----------- ------------------- -----
aquarius06 dmac-miss local 1000 disable none 1
aquarius06 smac-miss local 1000 disable none 2
aquarius06 l3-miss local 1000 disable none 3
aquarius06 ttl1 local 1000 disable none 4
aquarius06 stp local 1000 disable supported 5
aquarius06 lacp local 1000 disable supported 6
aquarius06 system-d local 1000 disable none 7
aquarius06 dmac-miss local 1000 disable none 8
aquarius06 smac-miss local 1000 disable none 9
aquarius06 l3-miss local 1000 disable none 10
aquarius06 ttl1 local 1000 disable none 11
aquarius06 stp local 1000 disable supported 12
aquarius06 lacp local 1000 disable supported 13
aquarius06 system-d local 1000 disable none 14
aquarius06 igmp local 1000 disable none 15
aquarius06 bcast local 1000 disable none 16
aquarius06 icmpv6 local 1000 disable none 17
aquarius06 tcp-analytics local 1000 disable none 18
aquarius06 kpalv local 1000 disable none 19
aquarius06 ecp local 1000 disable none 20
aquarius06 arp local 1000 disable supported 21
aquarius06 lldp local 1000 disable supported 22
aquarius06 vport-stats local 1000 disable none 23
aquarius06 dhcp local 1000 disable none 24
aquarius06 pim local 1000 disable none 25
aquarius06 local-subnet local 1000 disable supported 26
aquarius06 bgp local 1000 disable supported 27
aquarius06 ospf local 1000 disable supported 28
aquarius06 bfd local 1000 disable supported 29
aquarius06 vrrp local 1000 disable supported 30
aquarius06 cluster-control local 5000 disable none 31
aquarius06 control local 5000 disable none 32
aquarius06 hog-arp local 100 disable none 33
aquarius06 hog-ospf local 100 disable none 34
aquarius06 hog-bgp local 100 disable none 35
aquarius06 hog-bfd local 100 disable none 36
aquarius06 hog-lacp local 100 disable none 37
aquarius06 hog-stp local 100 disable none 38
aquarius06 hog-vrrp local 100 disable none 39
aquarius06 hog-lldp local 100 disable none 40
aquarius06 hog-local-subnet local 100 disable none 41
aquarius06 dhcp-log-drop local 1000 disable none 42
cpu-class-settings-modify
Netvisor’s CPU Control Packet Processing Protection feature allows the CPU control packet processing path to be protected against misbehaving and malicious hosts or endpoints that may flood control protocol packets. This is also called “CPU hog protection”.
If a host floods a control protocol packet, it floods the to-cpu queue. This prevents lower-rate packets from valid senders from reaching Netvisor, resulting in traffic loss for those hosts. Typically a traffic loss occurs for other hosts on the network. Netvisor can process large streams of both valid and malformed protocol packets for various protocols.
Syntax cpu-class-settings-modify
hog-checker-interval hog-checker-interval-number (ms) | Specify the hog checking interval in milliseconds.
hog-max-hosts-per-class hog-max-hosts-per-class-number | Specify the maximum number of active hosts tracked per CPU class.
hog-max-violators-per-port hog-max-violators-per-port-number | Specify the maximum number of hog violators per port.
hog-warning-threshold hog-warning-threshold-number | Specify the hog warning threshold.
hog-violator-timeout hog-violator-timeout-number (s) | Specify the timeout before restoring the hog violator to the normal queue after an idle state.
Defaults None
Access Network Administrator
History Command introduced in Version 2.6.0.
Usage Use this command to modify statistics settings for CPU class.
Examples To modify CPU class settings for hog-checker-interval from 100 to 150, use the following syntax:
CLI network-admin@switch > cpu-class-settings-modify hog-checker-interval 150
cpu-class-settings-show
The Netvisor OS CPU Control Packet Processing Protection feature allows the CPU control packet processing path to be protected against misbehaving and malicious hosts or endpoints that may flood control protocol packets. This is also called “CPU hog protection”.
If a host floods a control protocol packet, it floods the to-cpu queue. This prevents lower-rate packets from valid senders from reaching Netvisor, resulting in traffic loss for those hosts. Typically a traffic loss occurs for other hosts on the network. Netvisor can process large streams of both valid and malformed protocol packets for various protocols.
Syntax cpu-class-settings-show
hog-checker-interval hog-checker-interval-number (ms) | Specify the hog checking interval in milliseconds.
hog-max-hosts-per-class hog-max-hosts-per-class-number | Specify the maximum number of active hosts tracked per CPU class.
hog-max-violators-per-port hog-max-violators-per-port-number | Specify the maximum number of hog violators per port.
hog-warning-threshold hog-warning-threshold-number | Specify the hog warning threshold.
hog-violator-timeout hog-violator-timeout-number (s) | Specify the timeout before restoring the hog violator to the normal queue after an idle state.
Defaults None
Access Network Administrator
History Command introduced in Version 2.6.0.
Usage Use this command to display statistic settings for CPU hog protection.
Examples To display statistic settings for CPU hog protection, use the following syntax:
CLI network-admin@switch > cpu-class-settings-show
switch: Spine01
hog-checker-interval(ms): 100
hog-max-hosts-per-class: 500
hog-max-violators-per-port: 50
hog-warning-threshold: 5
hog-violator-timeout(s): 20
cpu-class-stats-clear
The Netvisor OS CPU Control Packet Processing Protection feature allows the CPU control packet processing path to be protected against misbehaving and malicious hosts or endpoints that may flood control protocol packets. This is also called “CPU hog protection”.
If a host floods a control protocol packet, it floods the to-cpu queue. This prevents lower-rate packets from valid senders from reaching Netvisor, resulting in traffic loss for those hosts. Typically a traffic loss occurs for other hosts on the network. Netvisor can process large streams of both valid and malformed protocol packets for various protocols.
Syntax cpu-class-stats-clear
name name-string | Specify the name of the CPU class to clear statistics.
cos cos-number | Clear the CoS value for the CPU class.
hw-out-pkts hw-out-pkts-number | Clear the hardware transmitted packet count.
hw-drop-pkts hw-drop-pkts-number | Clear the number of hardware dropped packets.
sw-pkts sw-pkts-number | Clear the number of packets processed in software.
sw-drops-pkts sw-drops-pkts-number | Clear the number of packets dropped in software because the queue is full.
hog-violations hog-violations-number | Clear the number of hog protection host violations that were moved to a separate queue.
hog-warnings hog-warnings-number | Clear the number of hog protection delegated bandwidth warnings.
hog-hosts-in hog-hosts-in-number | Clear the number of added hosts for hog protection.
hog-hosts-out hog-hosts-out-number | Clear the number of hosts removed from hog protection.
hog-max-hosts-drops hog-max-hosts-drops-number | Clear the number of dropped hosts with hog protection because the maximum number of hosts is reached.
Defaults None
Access Network Administrator
History Command introduced in Version 2.6.0.
Usage Use this command to clear statistics for CPU hog protection.
Examples To clear statistics for CPU hog protection, use the following syntax:
CLI network-admin@switch > cpu-class-stats-clear
cpu-class-stats-show
The Netvisor OS CPU Control Packet Processing Protection feature allows the CPU control packet processing path to be protected against misbehaving and malicious hosts or endpoints that may flood control protocol packets. This is also called “CPU hog protection”.
If a host floods a control protocol packet, it floods the to-cpu queue. This prevents lower-rate packets from valid senders from reaching Netvisor, resulting in traffic loss for those hosts. Typically a traffic loss occurs for other hosts on the network. Netvisor can process large streams of both valid and malformed protocol packets for various protocols.
Syntax cpu-class-stats-show
name name-string | Specify the name of the CPU class to display statistics for.
cos cos-number | Displays the CoS value for the CPU class.
Defaults None
Access Network Administrator
History Command introduced in Version 2.6.0.
Usage Use this command to display statistics for CPU hog protection.
Examples To display statistics for CPU hog protection, use the following syntax:
CLI network-admin@switch > cpu-class-stats-show
switch: Spine01
hog-checker-interval(ms): 100
hog-max-hosts-per-class: 500
hog-max-violators-per-port: 50
hog-warning-threshold: 5
hog-violator-timeout(s): 20
cpu-mgmt-class-modify
Informational Note: This feature is supported on the following platforms:
Freedom Series | Edge-Core Series | Dell Series
F9272-X | AS5512-54X | S6010-ON
F9232-C | AS6712-32X | Z9100-ON
F9372-T | |
Control Plane Traffic Protection (CPTP) refers to a new feature that allows the user to impose rate limits on the flow of traffic that arrives on the CPU management port. When control plane traffic arrives out-of-band on the management NIC of the switch, there is currently no such protection. There is the possibility that excessive control plane traffic may saturate the 1G management port or starve the CPU of other critical traffic.
Syntax cpu-mgmt-class-modify
name arp|icmp|ssh|snmp|fabric| | Select the class of traffic to modify.
Specify one or more of the following options:
rate-limit unlimited | Specify the ingress rate limit on the management port in Bps or unlimited.
burst-size default | Specify the ingress traffic burst size in bytes or default.
Defaults Disabled by default.
Access Network Administrator
History Command introduced in Version 3.0.0.
Usage Use this command to modify management services to the CPU configuration.
Examples To modify the rate limit for ARP traffic to 100 Bps, use the following syntax:
CLI network-admin@switch > cpu-mgmt-class-modify name arp rate-limit 100 Bps
cpu-mgmt-class-show
Control Plane Traffic Protection (CPTP) refers to a new feature that allows the user to impose rate limits on the flow of traffic that arrives on the CPU management port. When control plane traffic arrives out-of-band on the management NIC of the switch, there is currently no such protection. There is the possibility that excessive control plane traffic may saturate the 1G management port or starve the CPU of other critical traffic.
Syntax cpu-mgmt-class-show
name arp|icmp|ssh|snmp|fabric|bcast|nfs|web|web-ssl|net-api | Displays the class of traffic.
One or more of the following options:
rate-limit unlimited | Displays the ingress rate limit on the management port in Bps or unlimited.
burst-size default | Displays the ingress traffic burst size in bytes or default.
Defaults None
Access Network Administrator
History Command introduced in Version 3.0.0.
Usage Use this command to display information about CPU traffic management.
Examples To display information about CPU management, use the following syntax:
CLI network-admin@switch > cpu-mgmt-class-show
switch name rate-limit
------- ------- ----------
draco07 arp unlimited
draco07 icmp unlimited
draco07 ssh unlimited
draco07 snmp unlimited
draco07 fabric unlimited
draco07 bcast unlimited
draco07 nfs unlimited
draco07 web unlimited
draco07 web-ssl unlimited
draco07 net-api unlimited
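An audit of the `cpu-class-show` and `cpu-mgmt-class-show` outputs shown above, as an added example that is not part of the Netvisor documentation: it lists CPU classes that support hog protection but have it disabled, and management classes left at `unlimited`. The function names are hypothetical, and the sample rows follow the page's output layout except for the constructed `enable-and-drop` row and the constructed numeric `rate-limit` value.

```python
# Added example: audit saved Netvisor show output for weak CPU protection settings.
# Function names and sample rows are illustrative, not part of the product.

def parse_table(text):
    """Parse whitespace-separated CLI table output into a list of dicts."""
    lines = [ln for ln in text.strip().splitlines() if ln.strip()]
    header = lines[0].split()
    rows = []
    for ln in lines[1:]:
        if set(ln.replace(" ", "")) == {"-"}:
            continue  # dashed separator under the header
        fields = ln.split()
        if len(fields) != len(header):
            raise ValueError(f"unexpected column count: {ln!r}")
        rows.append(dict(zip(header, fields)))
    return rows

def unprotected_cpu_classes(cpu_class_show):
    """CPU classes that support hog protection but have it disabled."""
    return [r["name"] for r in parse_table(cpu_class_show)
            if r["hog-protect-support"] == "supported"
            and r["hog-protect"] == "disable"]

def unlimited_mgmt_classes(cpu_mgmt_class_show):
    """Management-port classes with no ingress rate limit configured."""
    return [r["name"] for r in parse_table(cpu_mgmt_class_show)
            if r["rate-limit"] == "unlimited"]

# Rows in the page's cpu-class-show layout; the arp row's enable-and-drop
# value is constructed to show a protected class.
CPU_CLASS_SHOW = """
switch     name         scope rate-limit hog-protect     hog-protect-support queue
---------- ------------ ----- ---------- --------------- ------------------- -----
aquarius06 dmac-miss    local 1000       disable         none                1
aquarius06 stp          local 1000       disable         supported           5
aquarius06 arp          local 1000       enable-and-drop supported           21
aquarius06 local-subnet local 1000       disable         supported           26
"""

# Rows in the page's cpu-mgmt-class-show layout; the numeric arp limit is
# constructed (assumed to print as a bare number).
CPU_MGMT_CLASS_SHOW = """
switch  name rate-limit
------- ---- ----------
draco07 arp  100
draco07 ssh  unlimited
draco07 snmp unlimited
"""

if __name__ == "__main__":
    print("hog protection supported but disabled:",
          unprotected_cpu_classes(CPU_CLASS_SHOW))
    print("management classes without a rate limit:",
          unlimited_mgmt_classes(CPU_MGMT_CLASS_SHOW))
```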
cpu-mgmt-class-stats-settings-modify
This command is used to modify the settings for statistics collection.
Syntax cpu-mgmt-class-stats-settings-modify
enable|disable | Specify if you want to enable statistics collection.
interval duration: #d#h#m#s | Specify the interval duration.
disk-space disk-space-number | Specify the amount of disk space for the statistics.
Defaults Disabled.
Access Network Administrator
History Command introduced in Version 3.0.0.
Usage Use this command to modify a CPU management class statistics collection configuration.
Examples To enable statistics collection for the CPU management class configuration, use the following syntax:
CLI network-admin@switch > cpu-mgmt-class-stats-settings-modify enable
cpu-mgmt-class-stats-settings-show
This command is used to display the settings for statistics collection.
Syntax cpu-mgmt-class-stats-settings-show
Defaults None.
Access Network Administrator
History Command introduced in Version 3.0.0.
Usage Use this command to display statistics collection settings.
Examples To display statistics collection settings, use the following syntax:
CLI network-admin@switch > cpu-mgmt-class-stats-settings-show
switch: draco07
enable: yes
interval: 30m
disk-space: 50M
cpu-mgmt-class-stats-show
This command is used to display CPU management class statistics.
Syntax cpu-mgmt-class-stats-show
time date/time: yyyy-mm-ddTHH:mm:ss | Displays the time to start collection.
start-time date/time: yyyy-mm-ddTHH:mm:ss | Displays the start time of collection.
end-time date/time: yyyy-mm-ddTHH:mm:ss | Displays the end time of collection.
duration duration: #d#h#m#s | Displays the duration of collection.
interval duration: #d#h#m#s | Displays the interval between collection.
since-start | Displays the statistics collected since the start time.
older-than duration: #d#h#m#s | Displays the statistics older than the specified time.
within-last duration: #d#h#m#s | Displays the statistics collected within the last specified duration.
name arp|icmp|ssh|snmp|fabric|bcast|nfs|web|web-ssl|net-api | Displays the CPU management class.
in-bytes in-bytes-number | Displays the ingress bytes processed.
in-pkts in-pkts-number | Displays the ingress packets processed.
drop-pkts drop-pkts-number | Displays the number of ingress packets dropped.
Defaults None
Access Network Administrator
History Command introduced in Version 3.0.0.
Usage Use this command to display CPU management class statistics.
Examples To display statistics, use the following syntax:
CLI network-admin@switch > cpu-mgmt-class-stats-show
switch name in-bytes in-pkts drop-pkts
------- ------- -------- ------- ---------
draco07 arp 0 0 0
draco07 icmp 0 0 0
draco07 ssh 0 0 0
draco07 snmp 0 0 0
draco07 fabric 0 0 0
draco07 bcast 0 0 0
draco07 nfs 0 0 0
draco07 web 0 0 0
draco07 web-ssl 0 0 0
draco07 net-api 0 0 0