Configuring Rules for the Switch to Limit the Rate of Packets in Enhanced Mode
Context
- Non-enhanced mode: The device uses the CPU to limit the rate of packets or discard packets, which greatly affects CPU performance.
- Enhanced mode: The device uses a built-in chip to limit the rate of packets or discard packets, which therefore does not affect CPU performance and is not affected by other packets sent to the CPU, improving performance of corresponding features.
To reduce impact on the CPU and improve performance of corresponding features, you can configure rules for the device to limit the rate of packets in enhanced mode.
The CE12800E does not support the function.
Procedure
- Run system-view
The system view is displayed.
- Run cpu-defend policy policy-name
The attack defense policy view is displayed.
- Configure rules for the switch to limit the rate of packets in enhanced mode.
Run car enp packet-type packet-type pps pps-value
The rate limit of packets in enhanced mode is configured.
By default, you can run the display cpu-defend configuration enp command to view the rate limit of packets in enhanced mode.
Run deny enp packet-type packet-type
Packets discarded by the device in enhanced mode are configured.
By default, the device does not discard packets, and uses the default value of the devicename-default policy to limit the rate of packets. You can run the display cpu-defend configuration enp command to view the rate limit of packets.
If both the car enp packet-type packet-type pps pps-value and deny enp packet-type packet-type commands are run for a specified type of packets, the command configured later takes effect.
- Run commit
The configuration is committed.