
cpu-defend host-car pps

Function

The cpu-defend host-car pps command sets the rate limit for user-level rate limiting.

The undo cpu-defend host-car command restores the default rate limit for user-level rate limiting.

By default, the rate limit for user-level rate limiting is 10 pps.

Only the S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-HI, S6730-H, S6730S-H, S6730-S, and S6730S-S support this command.

Format

cpu-defend host-car [ mac-address mac-address | car-id car-id ] pps pps-value

undo cpu-defend host-car { mac-address mac-address | car-id car-id }

Parameters

| Parameter | Description | Value |
|---|---|---|
| mac-address mac-address | Sets the rate limit for the specified MAC address. | - |
| car-id car-id | Sets the rate limit for the specified bucket. | The value is an integer that ranges from 0 to 8191. |
| pps pps-value | Indicates the rate limit. | The value is an integer that ranges from 1 to 128. |

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

User-level rate limiting identifies users by their MAC addresses and limits the rates of specified packets (ARP, ND, DHCP Request, DHCPv6 Request, IGMP, 802.1X, and HTTPS-SYN packets) for both wired and wireless users. By default, the user-level rate limit is 10 pps. You can use this command to set the rate limit on a per-user basis.

Precautions

  • Before using this command, run the cpu-defend host-car enable command to enable user-level rate limiting.
  • If the rate limit is too high, attacks cannot be prevented and the CPU may be overloaded.
  • If both the cpu-defend host-car mac-address mac-address pps pps-value and cpu-defend host-car pps pps-value commands are run, the rate limit for the specified MAC address is determined by the former command, and the rate limit for other MAC addresses is determined by the latter command.
  • User-level rate limiting hashes the source MAC addresses of the specified packets and places the packets into different buckets. When two user MAC addresses are mapped to the same bucket index, the two users share the same rate limit (in pps mode). If the rate limit for the bucket is modified for both users at the same time, one setting overwrites the other. To avoid this situation, the rate limit for the specified MAC address cannot be set when a hash conflict occurs.
  • When the cpu-defend host-car mac-address mac-address pps pps-value and cpu-defend host-car pps pps-value commands are run to configure the rate limit for multiple MAC addresses, the settings are displayed in alphabetical order in the configuration file.
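
The bucket sharing and hash-conflict behaviour described in the precautions above can be modelled offline to see how two users in one bucket consume a single pps budget. This Python model is an added example, not Huawei code: the SHA-256-based hash, the HostCar class and its method names are assumptions, and refusing a per-MAC setting when another MAC already holds the bucket is one reading of the hash-conflict precaution.

```python
import hashlib

BUCKETS = 8192       # car-id range on the page: 0 to 8191
DEFAULT_PPS = 10     # default user-level rate limit on the page

def bucket_of(mac):
    """Map 'xxxx-xxxx-xxxx' to a bucket index (car-id)."""
    raw = bytes.fromhex(mac.replace("-", ""))
    if len(raw) != 6:
        raise ValueError(f"bad MAC address: {mac}")
    # ASSUMPTION: SHA-256 stands in for the switch's undocumented hash.
    return int.from_bytes(hashlib.sha256(raw).digest()[:4], "big") % BUCKETS

def find_collision(mac):
    """Search constructed MACs for one that lands in the same bucket as mac."""
    target = bucket_of(mac)
    for i in range(1, 1 << 20):
        h = f"{i:012x}"
        cand = f"{h[:4]}-{h[4:8]}-{h[8:]}"
        if cand != mac.lower() and bucket_of(cand) == target:
            return cand
    raise RuntimeError("no collision found")

class HostCar:
    def __init__(self, global_pps=DEFAULT_PPS):
        self.global_pps = global_pps
        self.per_mac = {}   # bucket -> (mac, pps) set per MAC address
        self.count = {}     # bucket -> packets seen in the current second

    def set_mac_pps(self, mac, pps):
        """Set a per-MAC limit; refuse if another MAC already owns the bucket."""
        if not 1 <= pps <= 128:
            raise ValueError("pps-value must be 1 to 128")
        owner = self.per_mac.get(bucket_of(mac))
        if owner and owner[0] != mac.lower():
            return False    # hash conflict: setting is rejected
        self.per_mac[bucket_of(mac)] = (mac.lower(), pps)
        return True

    def limit_for(self, mac):
        """Effective limit: the bucket's per-MAC setting, else the global one."""
        owner = self.per_mac.get(bucket_of(mac))
        return owner[1] if owner else self.global_pps

    def admit(self, mac):
        """Count one protocol packet; True if it is within the bucket's limit."""
        b = bucket_of(mac)
        self.count[b] = self.count.get(b, 0) + 1
        return self.count[b] <= self.limit_for(mac)
```

In this model a user who collides with a tuned MAC address inherits that address's limit and competes with it for the same per-second budget, which is why a raised per-MAC limit should be reviewed with the bucket, not only the single user, in mind.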

Example

# Set the rate limit for MAC address 000a-000b-000c to 20 pps.

<HUAWEI> system-view
[HUAWEI] cpu-defend host-car mac-address 000a-000b-000c pps 20
Copyright © Huawei Technologies Co., Ltd.