How to configure a CPCAR

23

To configure the Control Plane Committed Access Rate (CPCAR), perform the following operations:
1. Run the cpu-defend policy policy-name command to create an anti-attack policy.
2. Run the packet-type packet-type rate-limit rate-value command in the anti-attack policy view to control the rate for delivering packets to the CPU and set thresholds.
3. Run the cpu-defend-policy policy-name [ global | slot slot-id ] command to apply the anti-attack policy.

Other related questions:
How to dynamically adjust the CPCAR rate on an AR router
In case of a system attack, the CPCAR rate static adjustment function cannot control the rate of delivering packets to the CPU in a timely manner. As a result, the CPU is overloaded, severely affecting the running state of the CPU. The CPCAR rate dynamic adjustment function can periodically detect the CPU usage. When detecting that the current CPU usage of the system exceeds a set threshold, the function dynamically adjusts the CPCAR within a normal range to reduce the impact of the attack on the CPU. The configuration procedure is as follows: 1. Run the system-view command to access the system view. 2. Run the cpu-defend policy policy-name command to access the anti-attack policy view. 3. Run the rate-adaption enable command to enable the CPCAR rate dynamic adjustment function. By default, the CPCAR rate dynamic adjustment function is not enabled. 4. Run the rate-adaption adjust-period period-value command to configure an interval of periodically detecting the CPU usage. By default, the periodical detection interval is 30s. 5. Run the rate-adaption cpu-usage threshold low low-value high high-value command to configure a CPU load threshold for triggering the CPCAR rate dynamic adjustment function. By default, the minimum CPU load threshold for triggering CPCAR rate dynamic adjustment is 65%, and the maximum threshold is 85%. 6. Run the rate-adaption adjust-step step-value command to configure an adjustment amplitude of the CPCAR rate. By default, the adjustment amplitude of the CPCAR rate is 20%. 7. (Optional) Run the rate-adaption exception packet-type packet-type command to configure types of protocols to which the CPCAR rate dynamic adjustment function does not apply. By default, the CPCAR rate dynamic adjustment function applies to all types of protocols.

Why does the CPCAR rate limit configuration not take effect
The CPU committed access rate (CPCAR) is configured in the attack defense policy view. The CPCAR takes effect only when the attack defense policy is applied on the main control board or interface board on the local area network (LAN) side.

Why doesn't the configured CPCAR value take effect
The CPCAR value is configured in the anti-attack policy view. When this policy is applied to the SRU or LAN interface card, the value takes effect.

An S series switch applies a traffic policy in which the ACL rule is configured as permit, but some permitted packets are counted as CPCAR dropped packets. Why
When S series fixed switches match received packets against rules, the priority of a traffic policy is higher than the priority of CPCAR. If both the CPCAR rate limit action and the permit action in a traffic policy take effect, a switch permits the matched packets and does not perform rate limitation on the packets. A switch matches packets against both traffic policy rules and CPCAR and then takes the action of the highest priority. Therefore, permitted packets may be counted as CPCAR dropped packets during the rule matching phase.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top