Dell S4148U-ON OS10 Enterprise Edition User Guide Release 10.4.0E R2 - Page 553
Control-plane policing, or rate policing on control-plane
View all Dell S4148U-ON manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 553 highlights
3 Create a qos type policy-map to refer the classes. OS10(config)# policy-map cos-policy 4 Refer the class-maps in the policy-map and define the required action for the flows. OS10(config-pmap-qos)# class cmap OS10(config-pmap-c-qos)# ? OS10(config-pmap-qos)# class cmap OS10(config-pmap-c-qos)# end Exit to the exec Mode exit Exit from current mode no Negate a command or set its defaults police Rate police input traffic set Mark input traffic show show configuration trust Specify dynamic classification to trust[dscp/dot1p] ACL based classification with trust If you have enabled trust based classification and the system has class-maps to install ACL entries in the same policy-map that might conflict with the trust based classification, then by default the trust based classification takes precedence. You can modify the order of precedence by enabling the fallback option of trust dot1p or diffserv (DSCP). 1 Create class-maps. • Create a class-map of type qos to match CoS 5 flow. OS10(config)# class-map cmap-cos5 • Define the fields to be matched on 802.1p CoS 5 values. OS10(config-cmap-qos)# match cos 5 2 Create a policy-map for enabling trust and matching the CoS 5 flow. • Create a qos type policy-map to refer the classes. OS10(config)# policy-map cos-trust • Refer the class-maps in the policy-map and define the required action for the flows. OS10(config-pmap-qos)# class class-trust OS10(config-pmap-c-qos)# trust dot1p fallback OS10(config-pmap-qos)# class cmap-cos5 OS10(config-pmap-c-qos)# set qos-group 7 • Attach the policy-map to interface. OS10(conf-if-eth1/1/1)# service-policy input type qos cos-trust Control-plane policing Control-plane policing (CoPP) increases security on the system by protecting the route processor from unnecessary traffic and giving priority to important control plane and management traffic. CoPP uses a dedicated control plane configuration through the QoS CLIs to set rate-limiting capabilities for control plane packets. If the rate of control packets towards the CPU is higher than the CPU can handle, CoPP provides a method to selectively drop some of the control traffic so that the CPU can process high-priority control traffic. You can use CoPP to rate-limit traffic through each CPU port queue of the network processor (NPU). CoPP applies policy actions on all control-plane traffic. The control-plane class map does not use any match criteria. To enforce rate-limiting or rate policing on control-plane traffic, create policy maps. You can use the control-plane command to attach the CoPP service policies directly to the control-plane. The default rate limits apply to 12 CPU queues and the protocols mapped to each CPU queue. The control packet type to CPU ports control queue assignment is fixed. The only way you can limit the traffic towards the CPU is choose a low priority queue, and apply ratelimits on that queue to find a high rate of control traffic flowing through that queue. Quality of service 553