After you deploy traffic management (TM) multi-level scheduling on the TM module to implement traffic policing, the router limits the rate at which host packets are sent to the CPU. The deployment protects the router from attacks and ensures system stability.
On the router, user service packets are sent to the forwarding plane for processing and forwarding; host packets, such as protocol packets, signaling packets, and system packets, are sent to the control plane for management and configuration.
As networks develop, an increasing number of host packets are transmitted over carrier networks. The host packets sent to the control plane of the device, that is, the host packets processed by the CPU, include both normal host packets and attack packets that imitate real protocol packets and are sent to the device continuously. When a large number of host packets are sent to the CPU, the CPU may become overloaded, which has the following impacts on the system:
To address these problems, deploy TM multi-level scheduling on the TM module and central processing unit-committed access rate (CPCAR) on user-side interfaces or globally. TM multi-level scheduling monitors and manages host packets to be sent to the CPU. Specifically, the TM module filters the packets, discards packets that do not match specified rules, schedules valid packets based on their priorities, and transfers the valid packets to the CPU. This ensures that the CPU processes only normal services and the system runs stably.
Figure 1 shows the networking of TM multi-level scheduling.
TM multi-level scheduling applies to the traffic management unit of the router.
TM four-level scheduling process:
After packets enter the TM module, packets with different priorities in the same protocol group are classified and then sent to eight FQs (level 1). The packets in FQs are scheduled using the SP/WFQ algorithm and then sent to the SQs (level 2) occupied by protocol groups. The SQs in 75 protocol groups use the WFQ algorithm for scheduling. After being scheduled, protocol packets enter GQs (level 3). The WFQ algorithm is used for scheduling among 14 GQs. After being scheduled, the protocol packets enter the VI scheduling phase. CAR is performed on the packets, and then the packets are sent to the CPU through the forwarding unit.
Some boards do not support GQ-level scheduling. In this situation, packets in FQs and SQs are scheduled.
Table 1 lists the protocol packet groups as well as their default weights and default CIRs.
Type | Description | Default Weight | Default CIR (kbit/s) |
---|---|---|---|
Management | Management packets. | 4 | 0 |
Whitelist | Sets of authorized users or high-priority users. | 10 | 1024 |
Access-user | Access packets. | 3 | 0 |
Multicast | Multicast packets. | 4 | 0 |
Link-layer | Data link layer packets, including connectivity packets and reliability packets. Data link layer packets also include protocol packets that influence services and links on the data link layer. | 4 | 0 |
MPLS | Multiprotocol Label Switching (MPLS) packets. | 2 | 0 |
Network-layer | Network layer packets, including entries that the forwarding plane generates and the control plane delivers. | 3 | 0 |
User-defined-flow | User-defined flows. | 4 | 0 |
ARP | ARP packets. | 2 | 0 |
Route-protocol | Routing protocol packets. | 4 | 0 |
System-message | System information messages. | 1 | 100 |
Blacklist | Packets of a set of unauthorized users. | 1 | 0 |
Check-failed | Detection packets. | 1 | 0 |
fwddata-to-cp | Packets to be forwarded. | 1 | 0 |
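
The following added example (not vendor code) models how weighted fair sharing among the 14 protocol groups of Table 1 contains a flood in low-weight groups. It is a simplified fluid model of one scheduling level only. The aggregate CPU rate, the offered loads, and the rule that each group's CIR is granted before the weighted split are assumptions of the sketch.

```python
# Default (weight, CIR in kbit/s) per protocol group, copied from Table 1.
GROUPS = {
    "Management": (4, 0), "Whitelist": (10, 1024), "Access-user": (3, 0),
    "Multicast": (4, 0), "Link-layer": (4, 0), "MPLS": (2, 0),
    "Network-layer": (3, 0), "User-defined-flow": (4, 0), "ARP": (2, 0),
    "Route-protocol": (4, 0), "System-message": (1, 100), "Blacklist": (1, 0),
    "Check-failed": (1, 0), "fwddata-to-cp": (1, 0),
}

def wfq_shares(offered, total_kbps, groups=GROUPS):
    """Fluid (not per-packet) model of weighted fair sharing among groups.

    Assumptions of this sketch: every group is first granted
    min(offered, CIR); the remaining rate is split by weight, and rate a
    group cannot use is redistributed to groups that are still backlogged.
    """
    alloc = {g: min(offered.get(g, 0), cir) for g, (_, cir) in groups.items()}
    spare = total_kbps - sum(alloc.values())
    if spare < 0:
        raise ValueError("total_kbps is below the sum of committed rates")
    active = {g for g in groups if offered.get(g, 0) > alloc[g]}
    while active and spare > 1e-9:
        wsum = sum(groups[g][0] for g in active)
        done = {g for g in active
                if offered[g] - alloc[g] <= spare * groups[g][0] / wsum}
        if not done:  # everyone left is backlogged: final split by weight
            for g in active:
                alloc[g] += spare * groups[g][0] / wsum
            break
        for g in done:  # demand fits inside the fair share: serve it fully
            spare -= offered[g] - alloc[g]
            alloc[g] = offered[g]
        active -= done
    return alloc

# Constructed scenario: ARP and blacklisted-source packets flood the CPU path
# while routing, management and whitelisted sessions send modest loads.
SAMPLE_OFFERED = {"ARP": 50000, "Blacklist": 100000, "Route-protocol": 300,
                  "Management": 200, "Whitelist": 1500, "System-message": 50}
ASSUMED_CPU_RATE = 4096  # kbit/s, hypothetical aggregate rate toward the CPU

if __name__ == "__main__":
    for group, rate in wfq_shares(SAMPLE_OFFERED, ASSUMED_CPU_RATE).items():
        print(f"{group:18} offered={SAMPLE_OFFERED.get(group, 0):>6} "
              f"granted={rate:8.1f} kbit/s")
```

In this scenario the routing, management and whitelist loads are served in full, while the two flooding groups share only the leftover rate in proportion to their weights.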