NE40E V800R010C10SPC500 Feature Description - Security 01

TM Three-Level Scheduling

Traffic management (TM) three-level scheduling is a traffic policing method that rate-limits host packets sent to the CPU. It protects the router against attacks and ensures system stability.

Introduction

On the router, user service packets are sent to the forwarding plane for processing and forwarding, while host packets, such as protocol packets, signaling packets, and system packets, are sent to the control plane for management and configuration.

As networks rapidly develop, more and more host packets are transmitted over carrier networks and need to be sent to the CPU. These host packets include both protocol packets from authorized users and forged protocol packets from attackers. When a large number of host packets are sent to the CPU, the CPU may become overloaded, which has the following impacts on the system:

  • Excessive protocol packets from authorized users cause high CPU usage, which degrades system performance and affects service processing and forwarding.
  • Excessive forged protocol packets from attackers occupy CPU processing resources for a long time, which could render the system unstable and lead to service interruptions or even a system crash.

To address these problems, apply TM three-level scheduling on the TM module, and apply central processing unit-committed access rate (CP-CAR) on user-side interfaces or globally. TM three-level scheduling monitors and manages host packets to be sent to the CPU. Specifically, the TM module filters the packets, discards spoofed packets, schedules valid packets based on their priorities, and transfers the valid packets to the CPU. This ensures that the CPU processes only normal services and the system runs stably.

Figure 11-3 Networking for TM three-level scheduling

Implementation

As shown in Figure 11-4, TM three-level scheduling is implemented on the TM module of the router.

Figure 11-4 TM three-level scheduling implementation

Protocol packets sent to the CPU can be classified into 10 protocol groups, each of which belongs to a subscriber queue (SQ). You can configure the committed information rate (CIR), peak information rate (PIR), and weight for each SQ. You can also configure priorities for protocol packets of different types within an SQ.

After entering the TM module, protocol packets with different priorities within a protocol group are scheduled into eight flow queues (FQs). The FQs use strict priority (SP) or weighted fair queuing (WFQ) scheduling before the protocol packets enter the SQ corresponding to the protocol group. The 10 SQs use WFQ scheduling before the protocol packets enter the group queue (GQ). The transmission rate of the packets is limited using CAR, and the forwarding module then transfers the packets to the CPU.

Table 11-1 lists the groups as well as their default weights, CIR, and PIR.

Table 11-1 Protocol packet classification

| Group | Description | Default Weight | Default CIR (kbit/s) | Default PIR (kbit/s) |
|---|---|---|---|---|
| Management | Management packets | 20 | 256 | 20480 |
| Whitelist | Group of authorized users or high-priority users | 60 | 1024 | 20480 |
| Access-user | Access packets | 30 | 256 | 20480 |
| Multicast | Multicast packets | 25 | 512 | 20480 |
| Link-layer | Data link layer packets, which are protocol packets that influence services and links in terms of link connectivity and reliability on the data link layer | 63 | 512 | 20480 |
| MPLS | Multiprotocol Label Switching (MPLS) packets | 20 | 256 | 20480 |
| Network-layer | Network layer packets, including entries that the forwarding plane triggers the control plane to deliver | 10 | 100 | 20480 |
| User-defined-flow | User-defined flows | 30 | 512 | 20480 |
| ARP | Address Resolution Protocol (ARP) messages | 20 | 256 | 20480 |
| Route | Routing protocol packets | 20 | 512 | 20480 |
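
The following Python sketch is an added example, not Huawei code. It models only the SQ level with the Table 11-1 defaults, to show why a flood in one protocol group cannot take the committed rate of the others. The allocation model (CIR granted first, spare bandwidth shared by weight, each SQ capped at its PIR) and the GQ rate passed to `allocate` are assumptions; FQ scheduling and CP-CAR are not modeled.

```python
# Table 11-1 defaults: group -> (weight, CIR kbit/s, PIR kbit/s)
DEFAULTS = {
    "management": (20, 256, 20480), "whitelist": (60, 1024, 20480),
    "access-user": (30, 256, 20480), "multicast": (25, 512, 20480),
    "link-layer": (63, 512, 20480), "mpls": (20, 256, 20480),
    "network-layer": (10, 100, 20480), "user-defined-flow": (30, 512, 20480),
    "arp": (20, 256, 20480), "route": (20, 512, 20480),
}

def allocate(offered, gq_rate, table=DEFAULTS):
    """Return the kbit/s admitted per SQ for an offered load (kbit/s per group).

    Assumed model: every SQ first receives min(offered, CIR); the spare GQ
    bandwidth is then shared among backlogged SQs in proportion to their
    weights (WFQ), and no SQ ever exceeds min(offered, PIR).
    gq_rate is a hypothetical group-queue limit; the page gives no value.
    """
    grant = {g: min(offered.get(g, 0), cir) for g, (_, cir, _) in table.items()}
    cap = {g: min(offered.get(g, 0), pir) for g, (_, _, pir) in table.items()}
    spare = gq_rate - sum(grant.values())
    if spare < 0:
        raise ValueError("gq_rate is below the committed load of the SQs")
    active = {g for g in table if grant[g] < cap[g]}
    while spare > 1e-9 and active:
        total_w = sum(table[g][0] for g in active)
        used = 0.0
        for g in list(active):
            # Weighted share of the spare rate, clipped at the SQ's cap.
            add = min(spare * table[g][0] / total_w, cap[g] - grant[g])
            grant[g] += add
            used += add
            if cap[g] - grant[g] <= 1e-9:
                active.discard(g)  # SQ satisfied or at PIR; others reshare
        spare -= used
    return grant

if __name__ == "__main__":
    # Constructed load: an ARP flood next to normal routing and management.
    flood = {"arp": 100000, "route": 400, "management": 200}
    for group, rate in allocate(flood, gq_rate=10000).items():
        if rate:
            print(f"{group:12s} {rate:8.0f} kbit/s admitted")
```

In the constructed flood, the Route and Management groups are admitted in full because their load is below their CIR, while the ARP group receives only the bandwidth left over.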

Updated: 2019-01-03

Document ID: EDOC1100055047
