CP-CAR and Host-CAR

Central Processing unit-Committed Access Rate (CP-CAR) is a method for traffic policing. The NetEngine 8000 F forwards common user packets directly through its service board. Some special packets, such as routing protocol packets, packets that are generated when users go online or offline, and malformed or error packets, however, need to be sent to the main control board for processing. These packets are also called host packets.

When host packet traffic is too heavy or a user sends a large number of malicious attack host packets on the network, the system may be affected. In this case, you can configure traffic policing on the NetEngine 8000 F to monitor host packet traffic so that the system can work properly.

Host packet traffic policing involves the following modes:

The host packet traffic can be monitored using CP-CAR. CP-CAR is used to limit the rate at which host packets are sent to the CPU. You can set the committed information rate (CIR), committed burst size (CBS), and priority for each type of packets. Setting different CAR rules for packets of different types can reduce the impact of packets on each other. The CPU is therefore protected. CP-CAR can also be used to set an overall rate at which packets are sent to the CPU. If the overall rate exceeds the threshold value, these packets will be discarded to free the CPU from overload. If a type of host packet traffic transmitted over a service board on a device is too heavy, the device will become unstable. To ensure device stability, configure CP-CAR to monitor the type of host packet traffic transmitted over the service board.
Host-CAR is used to perform rate limit for packets that the user side sends to the CPU, implementing traffic policing for all host packets that each user sends to a router. If a user has heavy host packet traffic or a device is attacked, the device may not work properly. Host-CAR can be configured to police each user's host packet traffic to prevent heavy host packet traffic. CAR limits the maximum number of packets that the user side sends to the CPU in a specified period. To protect against packet attacks, a device implements three levels of CAR: Host-CAR/HTTP-Host-CAR, VLAN-Host-CAR, and CP-CAR.
- Host-CAR is implemented based on the source MAC addresses, source IP addresses, or session IDs carried in PPPoE/DHCP packets, IP packets for triggering user access, and ARP packets for triggering user access. HTTP-Host-CAR is implemented based on the source MAC addresses and source IP addresses carried in web packets. Both Host-CAR and HTTP-Host-CAR limit the number of packets that the same user host sends to the CPU in a specified period.
- VLAN-Host-CAR is implemented based on VLAN IDs to limit the maximum number of packets that hosts on the same VLAN send to the CPU in a specified period.
- CP-CAR is implemented based on user access modes to limit the maximum number of CPU-destined packets from hosts that access the network in the same mode (for example, PPPoE/DHCP) in a specified period.

Relationship between Host-CAR and CP-CAR: For packets that the user side sends to the CPU, Host-CAR is performed before CP-CAR is performed for different types of users. For packets that the network side sends to the CPU, CP-CAR is performed only for protocol packets, and Host-CAR is not performed.

CPCAR is implemented based on normalized packet compensation or minimum packet compensation. Different protocols use different packet compensation modes.

Minimum packet compensation:
- If the packet length is less than the preset minimum packet length, the device calculates the rate at which a packet is sent based on the preset packet length.
- If the packet length is greater than or equal to the preset minimum packet length, the device calculates the rate at which a packet is sent based on the actual packet length.
Normalized packet compensation: The device uses the preset packet length to calculate the rate at which packets are sent, regardless of the actual packet lengths.