Configuring Rate Limits

Similar documents
Configuring Rate Limits

Configuring Rate Limits

Configuring Traffic Storm Control

Configuring ECMP for Host Routes

Configuring Mutation Mapping

Configuring Traffic Storm Control

Configuring Layer 2 Switching

Configuring WCCPv2. Information About WCCPv2. Send document comments to CHAPTER

Configuring Session Manager

Configuring IP TCP MSS

Configuring Password Encryption

Configuring Policy-Based Routing

Configuring sflow. Information About sflow. sflow Agent. This chapter contains the following sections:

Configuring Network QoS

Configuring Unicast RPF

Configuring IPv4. Finding Feature Information. This chapter contains the following sections:

Configuring Layer 2 Switching

Class-based Quality-of-Service MIB

Configuring DNS. Finding Feature Information. Information About DNS Clients. DNS Client Overview

Configuring EEE. Finding Feature Information. This chapter describes how to configure Energy Efficient Ethernet (EEE) on Cisco NX-OS devices.

Configuring Control Plane Policing

Configuring Layer 3 Virtualization

Configuring Private VLANs Using NX-OS

Configuring Classification

Configuring Q-in-Q VLAN Tunnels

Configuring Password Encryption

Configuring Control Plane Policing

Configuring Online Diagnostics

Configuring TAP Aggregation and MPLS Stripping

Monitoring QoS Statistics

Configuring Local SPAN and ERSPAN

Configuring SPAN. Finding Feature Information. About SPAN. SPAN Sources

Configuring Static Routing

Configuring TAP Aggregation and MPLS Stripping

Configuring STP Extensions Using Cisco NX-OS

Configuring User Accounts and RBAC

This chapter describes how to configure the NetFlow feature on Cisco NX-OS devices.

Configuring Q-in-Q VLAN Tunnels

Configuring DHCP Snooping

Managing the Unicast RIB and FIB

Configuring a MAC ACL

Configuring Terminal Settings and Sessions

This chapter describes how to configure the Network Time Protocol (NTP) on Cisco NX-OS devices. This chapter includes the following sections:

Configuring NTP. Information About NTP. Information About the NTP Server. This chapter contains the following sections:

Configuring Tap Aggregation and MPLS Stripping

Configuring User Accounts and RBAC

Configuring Port Channels

Configuring Network QoS

Configuring Policy-Based Routing

Configuring NTP. Information About NTP. Information About the NTP Server. This chapter contains the following sections:

Configuring IGMP Snooping

Configuring Priority Flow Control

Configuring Control Plane Policing

Configuring SSH and Telnet

Configuring SPAN. About SPAN. SPAN Sources

Configuring NTP. Information About NTP. Information About the NTP Server. This chapter contains the following sections:

Configuring NTP. Information About NTP. This chapter contains the following sections:

Configuring sflow. About sflow. sflow Agent

Configuring the Catena Solution

Configuring IP Tunnels

Configuring Layer 3 Interfaces

Configuring Q-in-Q VLAN Tunnels

Configuring EtherChannels

Managing the Unicast RIB and FIB, on page 5

Managing the Unicast RIB and FIB, page 5

Configuring DHCP. Finding Feature Information

Configuring Rapid PVST+ Using NX-OS

Configuring PIM. Information About PIM. Send document comments to CHAPTER

Configuring TACACS+ Information About TACACS+ Send document comments to CHAPTER

Basic Device Management

Configuring NTP. Information About NTP. This chapter contains the following sections:

Nexus 7000 and 7700 Series Switches Optimized ACL Logging Configuration Example

Configuring User Accounts and RBAC

Configuring IP ACLs. About ACLs

Configuring MST Using Cisco NX-OS

Configuring EtherChannels

vpc Configuration Synchronization

Configuring ACL Logging

Configuring EtherChannels

Configuring Layer 3 Interfaces

Configuring NetFlow. NetFlow Overview

Configuring NetFlow. About NetFlow. This chapter describes how to configure the NetFlow feature on Cisco NX-OS devices.

IVR Zones and Zonesets

D Commands. Send comments to

Configuring 802.1X. Finding Feature Information. Information About 802.1X

Configuring Port Channels

Port ACLs (PACLs) Prerequisites for PACls CHAPTER

Configuring IPv6 First-Hop Security

Configuring Port Channels

Configuring Static MPLS

Configuring Port Channels

Configuring NetFlow. NetFlow Overview

Working with Configuration Files

Configuring LDAP. Finding Feature Information

On the Cisco Nexus 5548 Switch, Fibre Channel ports and VSAN ports cannot be configured as ingress source ports in a SPAN session.

With 802.1X port-based authentication, the devices in the network have specific roles.

Configuring Port Channels

Configuring Online Diagnostics

Configuring Priority Flow Control

Configuring the MAC Address Table

Transcription:

22 CHAPTER This chapter describes how to configure rate limits for egress traffic on NX-OS devices. This chapter includes the following topics: Information About Rate Limits, page 22-1 Virtualization Support, page 22-2 Licensing Requirements for Rate Limits, page 22-2 Guidelines and Limitations, page 22-2, page 22-3 Verifying the Rate Limits Configuration, page 22-6 Rate Limits Example Configuration, page 22-7 Default Settings, page 22-7 Additional References, page 22-7 Feature History for Rate Limits, page 22-8 Information About Rate Limits Rate limits can prevent redirected packets for egress exceptions from overwhelming the supervisor module on an NX-OS device. You can configure rate limits in packets per second for the following types of redirected packets: Access list logging packets Data and control packets copied to the supervisor module Layer 2 storm control packets Layer 2 port security packets Layer 3 glean packets Layer 3 maximum transmission unit (MTU) check failure packets Layer 3 multicast directly connected packets Layer 3 multicast local group packets 22-1

Virtualization Support Chapter 22 Layer 3 multicast Reverse Path Forwarding (RPF) leak packets Layer 3 Time-to-Live (TTL) check failure packets Receive packets You can also configure rate limits for Layer 3 control packets. Virtualization Support You can configure rate limits only in the default virtual device context (VDC), but the rate limits configuration applies to all VDCs on the NX-OS device. For more information on VDCs, see the Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide, Release 4.1. Licensing Requirements for Rate Limits The following table shows the licensing requirements for this feature: Product NX-OS License Requirement Rate limits require no license. Any feature not included in a license package is bundled with the Cisco NX-OS system images and is provided at no extra charge to you. For a complete explanation of the NX-OS licensing scheme, see the Cisco Nexus 7000 Series NX-OS Licensing Guide, Release 4.1. Guidelines and Limitations Rate limits has the following configuration guidelines and limitations: You can set rate limits only for supervisor-bound egress exception and egress redirected traffic. Use control plane policing (CoPP) for other types of traffic (see Chapter 21, Configuring Control Plane Policing ). Note If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use. 22-2

Chapter 22 You can set rate limits on egress traffic. BEFORE YOU BEGIN Ensure that you are in the correct VDC (or use the switchto vdc command). SUMMARY STEPS 1. config t 2. hardware rate-limit access-log-list packets hardware rate-limit copy packets hardware rate-limit layer-2 port-security packets hardware rate-limit layer-2 storm-control packets hardware rate-limit layer-3 control packets hardware rate-limit layer-3 glean packets hardware rate-limit layer-3 mtu packets hardware rate-limit layer-3 multicast {directly-connected local-groups rpf-leak} packets hardware rate-limit layer-3 ttl packets hardware rate-limit receive packets 3. exit 4. show hardware rate-limit 5. copy running-config startup-config DETAILED STEPS Step 1 config t switch# config t switch(config)# Enters global configuration mode. 22-3

Chapter 22 Step 2 hardware rate-limit access-list-log packets switch(config)# hardware rate-limit access-list-log 200 hardware rate-limit copy packets switch(config)# hardware rate-limit copy 40000 hardware rate-limit layer-2 port-security packets switch(config)# hardware rate-limit port-security 1000 hardware rate-limit layer-2 storm-control packets switch(config)# hardware rate-limit storm-control 10000 hardware rate-limit layer-3 control packets switch(config)# hardware rate-limit control 20000 hardware rate-limit layer-3 glean packets switch(config)# hardware rate-limit layer-3 glean 200 hardware rate-limit layer-3 mtu packets switch(config)# hardware rate-limit layer-3 mtu 1000 hardware rate-limit layer-3 multicast {directly-connected local-groups rpf-leak} packets switch(config)# hardware rate-limit layer-3 multicast local-groups 20000 hardware rate-limit layer-3 ttl packets switch(config)# hardware rate-limit layer-3 ttl 1000 hardware rate-limit receive packets switch(config)# hardware rate-limit receive 40000 for packets copied to the supervisor module for access list logging. The range is from 1 to 33554431. The default rate is 100. for data and control packets copied to the supervisor module. The range is from 1 to 33554431. The default rate is 30000. for port security packets. The range is from 1 to 33554431. The default is disabled. for storm control packets. The range is from 1 to 33554431. The default is disabled. for Layer 3 control packets. The range is from 1 to 33554431. The default rate is 10000. for Layer 3 glean packets. The range is from 1 to 33554431. The default rate is 100. for Layer 3 MTU failure redirected packets. The range is from 1 to 33554431. The default rate is 500. for Layer 3 multicast directly connected, local groups, or RPF leak redirected packets in packets per second. The range is from 1 to 33554431. The default rate is 10000 for directly connected packets, 10000 for local groups packets, and 500 for RPF leak packets. for Layer 3 failed Time-to-Live redirected packets. The range is from 1 to 33554431. The default rate is 500. for packets redirected to the supervisor module. The range is from 1 to 33554431. The default rate is 30000. 22-4

Chapter 22 Displaying the Rate Limit Statistics Step 3 Step 4 Step 5 exit switch(config)# exit switch# show hardware rate-limit switch# show hardware rate-limit copy running-config startup-config switch# copy running-config startup-config Exits global configuration mode. (Optional) Displays the rate limit configuration. (Optional) Copies the running configuration to the startup configuration. Displaying the Rate Limit Statistics BEFORE YOU BEGIN SUMMARY STEPS DETAILED STEPS You can display the rate limit statistics. Ensure that you are in the default VDC (or use the switchto vdc command). 1. show hardware rate-limit [access-list-log copy layer-2 storm-control layer-3 {control glean mtu multicast {directly-connected local-groups rpf-leak} ttl} receive] Step 1 show hardware rate-limit [access-list-log copy layer-2 {port-security storm-control} layer-3 {control glean mtu multicast {directly-connected local-groups rpf-leak} ttl} receive] Displays the rate limit statistics. switch# show hardware rate-limit layer-3 glean For detailed information about the fields in the output from this command, see the Cisco Nexus 7000 Series NX-OS Security Reference, Release 4.1. 22-5

Clearing the Rate Limit Statistics Chapter 22 Clearing the Rate Limit Statistics BEFORE YOU BEGIN SUMMARY STEPS DETAILED STEPS You can clear the rate limit statistics. Ensure that you are in the default VDC (or use the switchto vdc command). 1. show hardware rate-limit [access-list-log copy layer-2 {port-security storm-control} layer-3 {control glean mtu multicast {directly-connected local-groups rpf-leak} ttl} receive] 2. clear hardware rate-limiter {all access-list-log copy layer-2 storm-control layer-3 {control glean mtu multicast {directly-connected local-groups rpf-leak} ttl} receive} Step 1 show hardware rate-limit [access-list-log copy layer-2 {port-security storm-control} layer-3 {control glean mtu multicast {directly-connected local-groups rpf-leak} ttl} receive] (Optional) Displays the rate limit statistics. switch# show hardware rate-limit layer-3 glean Step 2 clear hardware rate-limiter {all access-list-log copy layer-2 {port-security storm-control} layer-3 {control glean mtu multicast {directly-connected local-groups rpf-leak} ttl} receive} Clears the rate limit statistics. switch# clear hardware rate-limiter Verifying the Rate Limits Configuration To display the rate limits configuration information, perform the following task: show hardware rate-limit [access-list-log copy layer-2 {port-security storm-control layer-3 {control glean mtu multicast {directly-connected local-groups rpf-leak} ttl} receive] Displays the rate limit configuration. 22-6

Chapter 22 Rate Limits Example Configuration For detailed information about the fields in the output from these commands, see the Cisco Nexus 7000 Series NX-OS Security Reference, Release 4.1. Rate Limits Example Configuration The following example shows how to configure rate limits: hardware rate-limit layer-3 control 20000 hardware rate-limit copy 40000 Default Settings Table 22-1 lists the default settings for rate limits parameters. Table 22-1 Default Rate Limits Parameters Parameters Access-list-log packets rate limit Copy packets rate limit Layer 2 port-security packet rate limit Layer 2 storm-control packets rate limit Layer 3 control packets rate limit Layer 3 glean packets rate limit Layer 3 MTU packets rate limit Layer 3 multicast directly-connected packets rate limit Layer 3 multicast local-groups packets rate limit Layer 3 multicast rpf-leak packets rate limit Receive packets rate limit Default 100 packets per second 30,000 packets per second Disabled Disabled 10,000 packets per second 100 packets per second 500 packets per second 10,000 packets per second 10,000 packets per second 500 packets per second 30,000 packets per second Additional References For additional information related to implementing rate limits, see the following sections: Related Documents, page 22-8 22-7

Feature History for Rate Limits Chapter 22 Related Documents Related Topic Document Title Licensing Cisco Nexus 7000 Series NX-OS Licensing Guide, Release 4.1 reference Cisco Nexus 7000 Series NX-OS Security Reference, Release 4.1 Feature History for Rate Limits Table 22-2 lists the release history for this feature. Table 22-2 Feature History for IP ACLs Feature Name Releases Feature Information platform rate-limit command replaced 4.1(2) The platform rate-limit command was replaced with the hardware rate-limit command replaced. 22-8

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback