No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

AR500, AR510, and AR530 V200R007 Commands Reference

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Traffic Suppression Configuration Commands

Traffic Suppression Configuration Commands

NOTE:
  • Among the AR500 series routers, AR502G-L-D-H, AR502GR-L-D-H do not support traffic suppression.

broadcast-suppression (interface view)

Function

The broadcast-suppression command sets the maximum traffic rate of broadcast packets that can pass through an interface.

The undo broadcast-suppression command cancels the rate limit for broadcast traffic on an interface.

By default, broadcast traffic is not suppressed on an interface.

NOTE:

This command is not supported by AR502G-L-D-H, AR502GR-L-D-H.

Format

broadcast-suppression cir cir-value

undo broadcast-suppression

Parameters

Parameter

Description

Value

cir cir-value

Specifies the committed information rate (CIR).

The value is an integer, in kbit/s. The value range is as follows:
  • Ethernet interface: 64 to 100000.
  • GE interface: 64 to 10000000.
  • XGE interface: 64 to 10000000.

Views

Ethernet interface view, GE interface view,XGE interface view

Default Level

2: Configuration level

Usage Guidelines

The accumulating broadcast packets on the network occupy more and more network resources. This affects normal operation of services on the network.

To prevent broadcast storms, you can use the broadcast-suppression command to set the threshold of broadcast traffic that an interface allows to pass through. When the broadcast traffic rate reaches the rate limit, the system discards excess broadcast packets to control the traffic rate in a proper range.

Example

# Set the rate limit for broadcast traffic to 21600 pps on Ethernet 0/0/1

<Huawei> system-view
[Huawei] interface ethernet 0/0/1
[Huawei-Ethernet0/0/1] broadcast-suppression packets 21600

display flow-suppression interface

Function

The display flow-suppression interface command displays the traffic suppression configuration on an interface.

Format

display flow-suppression interface interface-type interface-number

Parameters

Parameter

Description

Value

interface interface-type interface-number

Specifies the type and number of an interface.
  • interface-type specifies the type of the interface.
  • interface-number specifies the interface number.
-

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

None

Example

# Display the traffic suppression configuration on Ethernet 0/0/1.

<Huawei> display flow-suppression interface ethernet 0/0/1
 storm type         rate mode   set rate value                                  
------------------------------------------------------------------------------- 
 unknown-unicast    pps         pps: 1260(packet/s)                            
 multicast          pps         pps: 2520(packet/s)                            
 broadcast          pps         pps: 1260(packet/s)                            
------------------------------------------------------------------------------- 

# Display the traffic suppression configuration on Ethernet 0/0/0.

<Huawei> display flow-suppression interface ethernet 0/0/0
 storm type         rate mode   set rate value
-------------------------------------------------------------------------------
 unknown-unicast    bps         cir: 100(kbit/s)
 multicast          bps         cir: 200(kbit/s)
 broadcast          bps         cir: 100(kbit/s)
-------------------------------------------------------------------------------
Table 14-91  Description of the display flow-suppression interface command output

Item

Description

storm type

Traffic type. Broadcast traffic, multicast traffic, and unknown unicast traffic can be suppressed.

rate mode

Type of the rate limit.
  • bps: cir mode
  • pps: packet mode

set rate value

Configured rate limit.

icmp rate-limit

Function

Using the icmp rate-limit command, you can configure the rate limit for ICMP packets globally or on an interface.

Using the undo icmp rate-limit command, you can restore the default rate limit for ICMP packets.

By default, the global rate limit and rate limit on an interface are both 100 pps.

Format

icmp rate-limit threshold threshold-value

undo icmp rate-limit threshold

Parameters

Parameter

Description

Value

threshold threshold-value

Indicates the rate limit for ICMP packets.

The value is an integer ranging from 1 to 32768, in pps.

Views

System view, interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Guidelines

Before configuring the rate limit for ICMP packets, enable the Router to limit the rate of incoming ICMP packets by using the icmp rate-limit enable command.

The Router can be configured to limit the rate of incoming ICMP packets globally or on an interface, and discard excess ICMP packets when the rate of incoming ICMP packets exceeds the limit.

You can run the icmp rate-limit command to set a global rate limit for ICMP packets and run this command in multiple interface views to limit the rate of ICMP packets on these interfaces. The total rate of ICMP packets on all the interfaces cannot exceed the global rate limit.

Precautions

To make suppression of ICMP packets take effect, disable the fast ICMP reply function.

The undo icmp rate-limit command cannot be configured in the system view.

Example

# Set the rate limit for ICMP packets on Eth 0/0/1 to 20 pps.

<Huawei> system-view
[Huawei] interface ethernet 0/0/1
[Huawei-Ethernet0/0/1] icmp rate-limit threshold 20

icmp rate-limit enable

Function

The icmp rate-limit enable command enables the traffic suppression function for ICMP packets.

The undo icmp rate-limit enable command disables the traffic suppression function for ICMP packets.

By default, the traffic suppression function for ICMP packets is disabled.

Format

icmp rate-limit enable

undo icmp rate-limit enable

Parameters

None

Views

System view, GE interface view, Ethernet interface view, Eth-Trunk interface view

Default Level

2: Configuration level

Usage Guidelines

Attackers may send a large number of ICMP packets to attack a network. If the device sends all the received ICMP packets to the CPU for processing, a lot of CPU usage resources are occupied and other services may be abnormal. To prevent ICMP packet attacks, you can configure the device to suppress ICMP packets.

After you run the icmp rate-limit enable command in the system view or interface view, the device limits the rate of ICMP packets by the default traffic suppression.

You can then run the icmp rate-limit command in the system view or interface view to configure a traffic suppression for ICMP packets.

Example

# Enable the traffic suppression function for ICMP packets.

<Huawei> system-view
[Huawei] icmp rate-limit enable
Related Topics

multicast-suppression (interface view)

Function

The multicast-suppression command sets the maximum traffic volume of multicast packets that can pass through an interface.

Using the undo multicast-suppression command, you can cancel the rate limit for multicast traffic on an interface.

By default, multicast traffic is not suppressed on an interface.

NOTE:

This command is not supported by AR502G-L-D-H, AR502GR-L-D-H.

Format

multicast-suppression cir cir-value

undo multicast-suppression

Parameters

Parameter

Description

Value

cir cir-value

Specifies the committed information rate (CIR).

The value is an integer, in kbit/s. The value range is as follows:
  • Ethernet interface: 64 to 100000.
  • GE interface: 64 to 10000000.
  • XGE interface: 64 to 10000000.

Views

Ethernet interface view, GE interface view,XGE interface view

Default Level

2: Configuration level

Usage Guidelines

When an increasing number of multicast packets are transmitted on a network, more network resources are occupied and services are affected.

To prevent broadcast storms, you can use the multicast-suppression command to set the threshold of multicast traffic that an interface allows to pass through. When the multicast traffic volume exceeds the threshold, the system discards the excess multicast packets to control the traffic volume of multicast packets to a proper range.

Example

# Set the rate limit for multicast traffic to 21600 pps on Ethernet 0/0/1.
<Huawei> system-view
[Huawei] interface ethernet 0/0/1
[Huawei-Ethernet0/0/1] multicast-suppression packets 21600

unicast-suppression (interface view)

Function

The unicast-suppression command sets the maximum traffic volume of unknown unicast packets that can pass through an interface.

Using the undo unicast-suppression command, you can cancel the rate limit for unicast traffic on an interface.

By default, unicast traffic is not suppressed on an interface.

NOTE:

This command is not supported by AR502G-L-D-H, AR502GR-L-D-H.

Format

unicast-suppression cir cir-value

undo unicast-suppression

Parameters

Parameter

Description

Value

cir cir-value

Specifies the committed information rate (CIR).

The value is an integer, in kbit/s. The value range is as follows:
  • Ethernet interface: 64 to 100000.
  • GE interface: 64 to 10000000.
  • XGE interface: 64 to 10000000.

Views

Ethernet interface view, GE interface view,XGE interface view

Default Level

2: Configuration level

Usage Guidelines

When an increasing number of unknown multicast packets are transmitted on the network, more network resources are occupied and services are affected.

To prevent broadcast storms, you can use the unicast-suppression command to set the threshold of unicast traffic that an interface allows to pass through. When the unknown unicast traffic rate exceeds the rate limit, the system discards excess unknown unicast packets to control the traffic volume in a proper range.

Example

# Set the rate limit for unknown unicast traffic to 21600 pps on Ethernet 0/0/1.

<Huawei> system-view
[Huawei] interface ethernet 0/0/1
[Huawei-Ethernet0/0/1] unicast-suppression packets 21600
Translation
Download
Updated: 2019-05-29

Document ID: EDOC1000097293

Views: 52876

Downloads: 102

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next