No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE20E-S2 V800R010C10SPC500 Configuration Guide - Security 01

This is NE20E-S2 V800R010C10SPC500 Configuration Guide - Security

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring Host CAR

Configuring Host CAR

You can configure host CAR to control the rate at which packets are sent to the CPU.

Usage Scenario

The system defines a default bandwidth for user-side packets to be sent to the CPU. You can configure host CAR to enable the system to adjust the traffic rate in either of the following scenarios:
  • Excessive user-side packets are sent to the CPU, congesting the links and reducing the CPU efficiency.
  • Some user-side packets to be sent to the CPU are dropped due to tight rate limits.

This feature is supported only on the Admin-VS.

Pre-configuration Tasks

None

Context

To protect against packet attacks, a device implements three levels of CAR: host CAR/HTTP Host CAR, VLAN Host CAR, and CP CAR. For details about CP CAR configurations, see Configuring the CAR.

  • Host CAR is implemented based on the source MAC addresses, source IP addresses, or Session IDs carried in PPPoE, DHCP, L2TP, and DHCPv6 packets, IP packets for triggering user access, and ARP packets for triggering user access. HTTP Host CAR is implemented based on the source MAC addresses and source IP addresses carried in web packets. Both host CAR and HTTP Host CAR limit the number of packets to be sent to the CPU from the same host. Therefore, host CAR and HTTP Host CAR are on the same level.

  • VLAN Host CAR limits the number of user packets sent to the CPU from hosts in the same VLAN based on the VLAN ID. After VLAN Host CAR is enabled, the device limits the rate at which packets are sent to the CPU from hosts in the same VLAN.

  • CP CAR is implemented based on user access modes to limit the number of packets to be sent to the CPU from hosts that access the network in the same mode (for example, PPPoE/DHCP) in a specified period.

Perform the following steps to configure host CAR.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run slot slot-id

    The slot view is displayed.

  3. Run hostcar cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ]

    Host CAR is configured.

  4. Run hostcar drop-rate enable

    Automatic bandwidth adjustment is enabled.

  5. Run hostcar attack-detect drop-rate rate-value

    The threshold for the rate at which packets are dropped by host CAR is configured.

  6. Run hostcar logging interval interval discard-threshold threshold-value

    Parameters are configured for host CAR logging.

  7. Run http-hostcar cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ]

    HTTP Host CAR is configured for web packets to be sent to the CPU.

  8. Run http-hostcar drop-rate enable

    HTTP Host CAR automatic bandwidth adjustment is enabled for web packets.

  9. Run http-hostcar attack-detect drop-rate rate-value

    The threshold for the rate at which packets are dropped by HTTP-Host-CAR is configured.

  10. Run http-hostcar logging interval interval-value discard-threshold threshold-value

    Parameters are configured for HTTP Host CAR logging.

  11. Run vlan-host-car cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ]

    VLAN Host CAR is configured.

    VLAN Host CAR limits the bandwidth of the user-side packets to be sent to the CPU from hosts in the same VLAN.

  12. Run vlan-host-car drop-rate enable

    VLAN Host CAR automatic bandwidth adjustment is enabled.

  13. Run vlan-host-car attack-detect drop-rate rate-value

    The threshold for the rate at which packets are dropped by VLAN-Host-CAR is configured.

  14. Run vlan-host-car logging { interval interval-value | discard-threshold threshold-value }*

    Parameters are configured for VLAN Host CAR logging.

  15. Run commit

    The configuration is committed.

  16. Run quit

    The system view is displayed.

  17. Run interface interface-type interface-number

    The GE or trunk interface view is displayed.

  18. Run commit

    The configuration is committed.

Checking the Configurations

After configuring host CAR, check the configurations.

  • Run the display cpu-defend { hostcar | vlan-host-car | http-hostcar } config slot slot-id command to check the default and actual rate limiting parameters configured for packets to be sent to the CPU.

  • Run the display cpu-defend hostcar { carid | all | auto-adjust | dropped | non-dropped } statistics slot slot-id command to check host CAR statistics.

  • Run the display cpu-defend http-hostcar { carid | all | auto-adjust | dropped | non-dropped } statistics slot slot-id command to check HTTP Host CAR statistics.

  • Run the display cpu-defend vlan-host-car { carid | all | auto-adjust | dropped | non-dropped } statistics slot slot-id command to check VLAN Host CAR statistics.

  • Run the display cpu-defend hostcar car-id access-user-info slot slot-id command to check statistics about a specified host CAR and the information about access users limited by the host CAR, such as MAC addresses, IP addresses, and online status.

Translation
Download
Updated: 2019-01-02

Document ID: EDOC1100055397

Views: 25528

Downloads: 52

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Share
Previous Next