cp-rate-limit igmp

Function

The cp-rate-limit igmp command limits the rate of sending IGMP packets to the CPU.

The undo cp-rate-limit igmp command cancels the set rate of sending IGMP to the CPU.

By default, the rate at which IGMP packets are sent to the CPU is not limited.

Format

cp-rate-limit igmp cir cir-value [ cbs cbs-value ] vlan vlan-id-begin [ to vlan-id-end ] [ prior ]

cp-rate-limit igmp cir cir-value [ cbs cbs-value ] pe-vid pe-vlan-id ce-vid ce-vlan-id-begin [ to ce-vlan-id-end ] [ prior ]

cp-rate-limit igmp cir cir-value [ cbs cbs-value ] [ prior ]

undo cp-rate-limit igmp [ cir cir-value [ cbs cbs-value ] ] [ vlan vlan-id-begin [ to vlan-id-end ] ] [ prior ]

undo cp-rate-limit igmp [ cir cir-value [ cbs cbs-value ] ] pe-vid pe-vlan-id ce-vid ce-vlan-id-begin [ to ce-vlan-id-end ] [ prior ]

Parameters

Parameter Description Value
cbs cbs-value

Specifies the committed burst size (CBS), that is, the depth of the token bucket. The CBS indicates the committed traffic that can pass at a burst.

The value is an integer ranging from 100 to 33554432, in bytes. It is recommended that you set the CBS to a value that is greater than 10 times the length of a packet. The default value varies with the value of cir-value.

The cbs-value that takes effect is at least 187 times the cir-value.

  • If the configured cbs-value is less than 187 times the cir-value, the cbs-value that takes effect is 187 times the cir-value.
  • If the configured cbs-value is greater than 187 times the cir-value, the configured cbs-value takes effect.
vlan vlan-id-begin

Specifies the start value of the VLAN ID.

The value is an integer ranging from 1 to 4094.
to ce-vlan-id-end

Specifies the end value of the inner VLAN tag.

The value is an integer ranging from 1 to 4094.
to vlan-id-end

Specifies the end value of the VLAN ID.

The value is an integer ranging from 1 to 4094.
prior

Specifies the IGMP packet bandwidth limit for the specified port takes precedence over blacklists, whitelists, and user-defined-flow.

-
cir cir-value

Specifies the committed information rate (CIR), that is, the committed traffic rate.

The value is an integer that can be 0, 32 to 1000000, in packet/s.
pe-vid pe-vlan-id

Specifies the value of the outer VLAN tag.

The value is an integer ranging from 1 to 4094.
ce-vid ce-vlan-id-begin

Specifies the start value of the inner VLAN tag.

The value is an integer ranging from 1 to 4094.

Views

Layer 2 100GE interface view, 100GE interface view, 10G LAN interface view, 10G WAN interface view, Layer 2 40GE interface view, 40GE interface view, Layer 2 50GE interface view, 50GE interface view, Layer 2 Eth-Trunk interface view, Eth-Trunk interface view, Layer 2 GE interface view, GE optical interface view, GE electrical interface view, Global VE sub-interface view, VE sub-interface view, Layer 2 XGE interface view, XGE interface view, Layer 2 sub-interface view

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
soc write

Usage Guidelines

Usage Scenario

To protect CPU resources against IGMP attacks, run the cp-rate-limit igmp command to limit the rate at which IGMP packets on an interface are sent to the CPU.

Precautions

  • When the untagged or default encapsulation mode is configured for interfaces, such as an Ethernet interface or its sub-interface or a GE interface or its sub-interface, the cp-rate-limit igmp cir cir-value [ cbs cbs-value ] [ prior ] command is supported.
  • When the dot1q, untagged, or default encapsulation mode is configured for interfaces, such as a dot1q VLAN tag termination sub-interface, global VE sub-interface, VE sub-interface, Layer 2 Ethernet interface, Layer 2 GE interface, Layer 2 Eth-Trunk interface, or EVC sub-interface, the cp-rate-limit igmp cir cir-value [ cbs cbs-value ] vlan vlan-id-begin [ to vlan-id-end ] [ prior ] command is supported.
  • When the QinQ, untagged, or default encapsulation mode is configured for interfaces, such as a QinQ VLAN tag termination sub-interface, global VE sub-interface, VE sub-interface, or EVC sub-interface, the cp-rate-limit igmp cir cir-value [ cbs cbs-value ] pe-vid pe-vlan-id ce-vid ce-vlan-id-begin [ to ce-vlan-id-end ] [ prior ] command is supported.

Example

# On GE0/1/1.1, set the CIR and CBS of sending IGMP packets to the CPU to 1000 packet/s and 2000 bytes respectively.
<HUAWEI> system-view
[~HUAWEI] interface GigabitEthernet 0/1/1.1
[*HUAWEI-GigabitEthernet0/1/1.1] cp-rate-limit igmp cir 1000 cbs 2000
# In VLAN 100, set the CIR and CBS of sending IGMP packets to the CPU to 1000 packet/s and 2000 bytes respectively.
<HUAWEI> system-view
[~HUAWEI] interface GigabitEthernet 0/1/1.1
[*HUAWEI-GigabitEthernet0/1/1.1] vlan-type dot1q 100
[*HUAWEI-GigabitEthernet0/1/1.1] cp-rate-limit igmp cir 1000 cbs 2000
# On QinQ terminating sub-interface GE0/1/1.1, set the CIR and CBS of sending IGMP packets to the CPU to 1000 packet/s and 2000 bytes respectively.
<HUAWEI> system-view
[*HUAWEI] interface GigabitEthernet 0/1/1.1
[*HUAWEI-GigabitEthernet0/1/1.1] encapsulation qinq-termination
[*HUAWEI-GigabitEthernet0/1/1.1] qinq termination pe-vid 100 ce-vid 200
[*HUAWEI-GigabitEthernet0/1/1.1] cp-rate-limit igmp cir 1000 cbs 2000 pe-vid 100 ce-vid 200
Parent Topic: Local Attack Defense Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >