Configuring Rate Limits

Similar documents
Configuring Rate Limits

Configuring Rate Limits

Configuring SPAN. About SPAN. SPAN Sources

Configuring sflow. About sflow. sflow Agent

Configuring sflow. Information About sflow. sflow Agent. This chapter contains the following sections:

Configuring Traffic Storm Control

Configuring Traffic Storm Control

Configuring ECMP for Host Routes

Configuring TAP Aggregation and MPLS Stripping

Configuring TAP Aggregation and MPLS Stripping

Configuring Q-in-Q VLAN Tunnels

Configuring IP ACLs. About ACLs

Class-based Quality-of-Service MIB

Configuring Mutation Mapping

Contents. Introduction. Background Information. Terminology. ACL TCAM Regions

Configuring Local SPAN and ERSPAN

Configuring Session Manager

Configuring IP ACLs. About ACLs

Configuring Control Plane Policing

Configuring WCCPv2. Information About WCCPv2. Send document comments to CHAPTER

Configuring SPAN. Finding Feature Information. About SPAN. SPAN Sources

Configuring IPv4. Finding Feature Information. This chapter contains the following sections:

Configuring Control Plane Policing

Configuring NetFlow. About NetFlow. This chapter describes how to configure the NetFlow feature on Cisco NX-OS devices.

Configuring Network QoS

Configuring Q-in-Q VLAN Tunnels

Configuring Control Plane Policing

Configuring Policy-Based Routing

Monitoring QoS Statistics

Managing the Unicast RIB and FIB

Configuring Layer 2 Switching

Configuring Unicast RPF

Configuring Private VLANs Using NX-OS

Configuring Static Routing

This chapter describes how to configure the NetFlow feature on Cisco NX-OS devices.

Configuring IP TCP MSS

Configuring Password Encryption

Configuring Layer 2 Switching

Configuring the Catena Solution

Configuring Tap Aggregation and MPLS Stripping

Configuring a MAC ACL

Configuring ACL Logging

Configuring Static MPLS

Managing the Unicast RIB and FIB, on page 5

Configuring Q-in-Q VLAN Tunnels

Managing the Unicast RIB and FIB, page 5

Configuring Layer 3 Interfaces

Overview of the Cisco OpenFlow Agent

Configuring Priority Flow Control

Configuring EtherChannels

Configuring Port Channels

Verified Scalability Limits

Configuring IPv6 First-Hop Security

Configuring DNS. Finding Feature Information. Information About DNS Clients. DNS Client Overview

Configuring Enhanced Virtual Port Channels

Configuring FCoE NPV. FCoE NPV Overview. FCoE NPV Benefits

Nexus 7000 and 7700 Series Switches Optimized ACL Logging Configuration Example

Finding Feature Information, page 2 Information About DHCP Snooping, page 2 Information About the DHCPv6 Relay Agent, page 8

This chapter describes how to configure the Network Time Protocol (NTP) on Cisco NX-OS devices. This chapter includes the following sections:

Configuring Classification

Configuring IP ACLs. Finding Feature Information

Configuring IGMP Snooping

Configuring DHCP Snooping

Configuring EEE. Finding Feature Information. This chapter describes how to configure Energy Efficient Ethernet (EEE) on Cisco NX-OS devices.

Configuration Examples for DHCP, on page 37 Configuration Examples for DHCP Client, on page 38 Additional References for DHCP, on page 38

Borderless Networks Security: Cisco Catalyst 6500 Series Control Plane Protection Techniques for Maximum Uptime

Port ACLs (PACLs) Prerequisites for PACls CHAPTER

Configuring Password Encryption

Configuring Online Diagnostics

Layer 3 Forwarding and Troubleshooting Deep Dive on Nexus 9000/3000

Configuring Control Plane Policing

PracticeTorrent. Latest study torrent with verified answers will facilitate your actual test

Verified Scalability Limits

Configuring Layer 3 Interfaces

Configuring Policy-Based Routing

vpc Layer 3 Backup Routing with F1 and Peer Gateway

Cisco Nexus 9500 Series Switches Buffer and Queuing Architecture

Configuring EtherChannels

Configuring Rapid PVST+ Using NX-OS

Configuring Online Diagnostics

Configuring Ingress Policing

Configuring EtherChannels

Configuring OpenFlow. Information About OpenFlow. This chapter contains the following sections:

Configuring IP Tunnels

Configuring STP Extensions Using Cisco NX-OS

Configuring System Message Logging

Configuring VXLAN EVPN Multi-Site

Configuring Control Plane Policing

Configuring Layer 3 Virtualization

Configuring Port Channels

Configuring System Message Logging

Configuring Virtual Port Channels

Configuring NTP. Information About NTP. This chapter contains the following sections:

Configuring Network QoS

Cisco Nexus 9000 Series NX-OS IP Fabric for Media Solution Guide, Release 7.0(3)I4(2)

Configuring Control Plane Policing

Configuring MPLS Label Imposition

Implementing the ERSPAN Analytics Feature on Cisco Nexus 6000 Series and 5600 Platform Switches

Configuring Static and Dynamic NAT Translation

Configuring Policy-Based Routing

Transcription:

This chapter describes how to configure rate limits for supervisor-bound traffic on Cisco NX-OS devices. This chapter includes the following sections: About Rate Limits, page 1 Licensing Requirements for Rate Limits, page 2 Guidelines and Limitations for Rate Limits, page 2 Default Settings for Rate Limits, page 3, page 3 Monitoring Rate Limits, page 5 Clearing the Rate Limit Statistics, page 6 Verifying the Rate Limit Configuration, page 6 Configuration Examples for Rate Limits, page 7 Additional References for Rate Limits, page 7 About Rate Limits Rate limits can prevent redirected packets for exceptions from overwhelming the supervisor module on a Cisco NX-OS device. You can configure rate limits in packets per second for the following types of redirected packets: Access-list log packets Bidirectional forwarding detection (BFD) packets Catch-all exception traffic Fabric Extender (FEX) traffic Layer 3 glean packets Layer 3 multicast data packets SPAN egress traffic For this option only, you can configure rate limits in kilobits per second. 1

Licensing Requirements for Rate Limits Licensing Requirements for Rate Limits The following table shows the licensing requirements for this feature: Product Cisco NX-OS License Requirement No license is required for rate limits. Any feature not included in a license package is bundled with the nx-os image and is provided at no extra charge to you. For an explanation of the Cisco NX-OS licensing scheme, see the Cisco NX-OS Licensing Guide. Guidelines and Limitations for Rate Limits Rate limits has the following configuration guidelines and limitations: You can set rate limits for supervisor-bound exception and redirected traffic. Use control plane policing (CoPP) for other types of supervisor-bound traffic. Note Hardware rate-limiters protect the supervisor CPU from excessive inbound traffic. The traffic rate allowed by the hardware rate-limiters is configured globally and applied to each individual I/O module. The resulting allowed rate depends on the number of I/O modules in the system. CoPP provides more granular supervisor CPU protection by utilizing the modular quality-of-service CLI (MQC). Beginning with Cisco NX-OS Release 7.0(3)I6(1), you can configure a hardware rate-limiter to show statistics for outbound traffic on SPAN egress ports. This rate-limiter is supported on all Cisco Nexus 9000, 9300, and 9500 Series switches, and the Cisco Nexus 3164Q, 31128PQ, 3232C, and 3264Q switches. Beginning with Cisco NX-OS Release 7.0(3)I6(1): The rate-limiter on egress ports is limited per pipe on the Cisco Nexus 9300 and 9500 Series switches; Cisco Nexus 3164Q and 31128PQ switches; and the Cisco Nexus 3232C and 3264Q switches. The rate-limiter on egress ports is limited per slice on the Cisco Nexus Cisco Nexus 9200 and 9300-EX Series switches. Cisco Nexus 9300 and 9500 Series switches; Cisco Nexus 3164Q and 31128PQ switches; and the Cisco Nexus 3232C and 3264Q switches, support both local and ERSPAN. However, the rate-limiter only applies to ERSPAN. You must configure e-racl ACL TCAM region to enable the rate-limiter on these switches. (For more information, see the Configuring ACL TCAM Region Sizes section in the Cisco Nexus 9000 Series NX-OS Security Configuration Guide.) Cisco Nexus 9200 and 9300-EX Series switches; and the N9K-X9736C-EX, N9K-97160YC-EX, N9K-X9732C-EX, N9K-X9732C-EXM line cards, the SPAN egress rate-limiter applies to both ERSPAN and local SPAN. You do not require special TCAM carving to use the rate-limiter on these devices. 2

Default Settings for Rate Limits For Cisco Nexus 92160YC-X, 92304QC, 9272Q, 9232C, 92300YC, 9348GC-FXP, 93108TC-FX, 93180YC-FX ToR switches; Cisco Nexus 3232C and 3264Q switches, you should not configure both sflow and ERSPAN. Note If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use. Related Topics Configuring Control Plane Policing Default Settings for Rate Limits This table lists the default settings for rate limits parameters. Table 1: Default Rate Limits Parameters Settings Parameters Access-list log packets rate limit BFD packets rate limit Exception packets rate limit FEX packets rate limit Layer 3 glean packets rate limit Layer 3 multicast data packets rate limit SPAN egress rate limit Default 100 packets per second 10000 packets per second 50 packets per second 1000 packets per second 100 packets per second 3000 packets per second No limit You can set rate limits on supervisor-bound traffic. 3

SUMMARY STEPS 1. configure terminal 2. hardware rate-limiter access-list-log {packets disable} [module module [port start end]] 3. hardware rate-limiter bfd packets [module module [port start end]] 4. hardware rate-limiter exception packets [module module [port start end]] 5. hardware rate-limiter fex packets [module module [port start end]] 6. hardware rate-limiter layer-3 glean packets [module module [port start end]] 7. hardware rate-limiter layer-3 multicast local-groups packets [module module [port start end]] 8. hardware rate-limiter span-egress rate [module module] 9. (Optional) show hardware rate-limiter [ access-list-log bfd exception fex layer-3 glean layer-3 multicast local-groups span-egress module module] 10. (Optional) copy running-config startup-config DETAILED STEPS Step 1 Command or Action configure terminal Enters global configuration mode. Step 2 Step 3 switch# configure terminal switch(config)# hardware rate-limiter access-list-log {packets disable} [module module [port start end]] switch(config)# hardware rate-limiter access-list-log 200 hardware rate-limiter bfd packets [module module [port start end]] Configures rate limits in packets per second for packets copied to the supervisor module for access list logging. The range is from 0 to 10000. Configures rate limits in packets per second for bidirectional forwarding detection (BFD) packets. The range is from 0 to 10000. Step 4 Step 5 switch(config)# hardware rate-limiter bfd 500 hardware rate-limiter exception packets [module module [port start end]] switch(config)# hardware rate-limiter exception 500 hardware rate-limiter fex packets [module module [port start end]] Configures rate limits in packets per second for any exception traffic in the system that is not classified by the Control Plane Policing (CoPP) policy. The range is from 0 to 10000. Configures rate limits in packets per second for supervisor-bound FEX trafffic. The range is from 0 to 10000. switch(config)# hardware rate-limiter fex 500 4

Monitoring Rate Limits Step 6 Step 7 Command or Action hardware rate-limiter layer-3 glean packets [module module [port start end]] switch(config)# hardware rate-limiter layer-3 glean 500 hardware rate-limiter layer-3 multicast local-groups packets [module module [port start end]] Configures rate limits in packets per second for Layer 3 glean packets. The range is from 0 to 10000. A node receiving traffic for a particular destination might be unable to forward traffic because it is unaware of the rewrite information or the physical layer interface behind which the destination resides. During this time, it is possible to install a glean entry in the data path for that destination. Because this might not be a pointer to the global punt adjacency, a reserved module or port value is used to punt such packets to the supervisor. This glean rate can be controlled using the given rate limiter. Note The CoPP policy controls the rate of glean packets that are forwarded due to global punt adjacency, and this rate limiter controls the destination-specific glean packets. Configures rate limits in packets per second for Layer 3 multicast data packets that are punted for initiating a shortest-path tree (SPT) join. The range is from 0 to 10000. Step 8 Step 9 switch(config)# hardware rate-limiter layer-3 multicast local-groups 300 hardware rate-limiter span-egress rate [module module] switch(config)# hardware rate-limiter span-egress 123 show hardware rate-limiter [ access-list-log bfd exception fex layer-3 glean layer-3 multicast local-groups span-egress module module] Configures rate limits in kilobits per second for SPAN for egress traffic. The range is from 0 to 100000000. Note You should not configure both sflow and the SPAN egress rate-limiter. (Optional) Displays the rate limit configuration. The module range is from 1 to 30. Step 10 switch# show hardware rate-limiter copy running-config startup-config switch# copy running-config startup-config (Optional) Copies the running configuration to the startup configuration. Monitoring Rate Limits You can monitor rate limits. 5

Clearing the Rate Limit Statistics SUMMARY STEPS 1. show hardware rate-limiter [access-list-log bfd exception fex layer-3 glean layer-3 multicast local-groups span-egress module module] DETAILED STEPS Step 1 Command or Action show hardware rate-limiter [access-list-log bfd exception fex layer-3 glean layer-3 multicast local-groups span-egress module module] Displays the rate limit statistics. switch# show hardware rate-limiter access-list-log Clearing the Rate Limit Statistics SUMMARY STEPS You can clear the rate limit statistics. 1. clear hardware rate-limiter {all access-list-log bfd exception fex layer-3 glean layer-3 multicast local-groups span-egress [module module] } DETAILED STEPS Step 1 Command or Action clear hardware rate-limiter {all access-list-log bfd exception fex layer-3 glean layer-3 multicast local-groups span-egress [module module] } Clears the rate limit statistics. switch# clear hardware rate-limiter access-list-log Verifying the Rate Limit Configuration To display the rate limit configuration information, perform the following tasks: Command show hardware rate-limiter [access-list-log bfd exception fex layer-3 glean layer-3 multicast local-groups span-egress module module] Displays the rate limit configuration. 6

Configuration Examples for Rate Limits Configuration Examples for Rate Limits The following example shows how to configure rate limits for packets copied to the supervisor module for access list logging: switch(config)# hardware rate-limiter access-list-log switch(config)# show hardware rate-limiter access-list-log Units for Config: packets per second Allowed, Dropped & Total: aggregated since last clear counters Module: 4 R-L Class Config Allowed Dropped Total +------------------+--------+---------------+---------------+----------------- + access-list-log 100 0 0 0 Port group with configuration same as default configuration Eth4/1-36 Module: 22 R-L Class Config Allowed Dropped Total +------------------+--------+---------------+---------------+----------------- + access-list-log 100 0 0 0 Port group with configuration same as default configuration Eth22/1-0 The following example shows how the SPAN egress rate limiter might be in conflict with sflow: switch(config)# hardware rate-limiter span-egress 123 Warning: This span-egress rate-limiter might affect functionality of sflow switch(config)# show hardware rate-limiter span-egress Units for Config: packets per second (kilo bits per second for span-egress) Allowed, Dropped & Total: aggregated since Module: 1 R-L Class Config Allowed Dropped Total +----------------+----------+--------------+--------------+----------------+ L3 glean 100 0 0 0 L3 mcast loc-grp 3000 0 0 0 access-list-log 100 0 0 0 bfd 10000 0 0 0 exception 50 0 0 0 fex 3000 0 0 0 span 50 0 0 0 dpss 6400 0 0 0 span-egress 123 0 0 0 <<configured Additional References for Rate Limits This section includes additional information related to implementing rate limits. Related Documents Related Topic Cisco NX-OS licensing Document Title Cisco NX-OS Licensing Guide 7

Additional References for Rate Limits 8

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback