Can rate limiting be configured on Eth-Trunks of S series modular switches, and how to make configured rate limits take effect


S series modular switches support inbound rate limiting on an Eth-Trunk (using the qos car command). After the configuration is complete:
- If member interfaces of the Eth-Trunk are on different cards, the rate limit applies to each interface individually.
- If member interfaces of the Eth-Trunk are on the same card, they share the bandwidth specified by the rate limit. The bandwidth is shared by the member interfaces randomly.

Other related questions:
Why does the CPCAR rate limit configuration not take effect
The CPU committed access rate (CPCAR) is configured in the attack defense policy view. The CPCAR takes effect only when the attack defense policy is applied on the main control board or interface board on the local area network (LAN) side.

ARP rate limiting on S series switch
An S series switch, except S1700, can limit the rate of ARP packets and ARP Miss messages. When the switch receives many ARP packets, configure ARP packet rate limiting to prevent CPU overloading. When the switch receives many IP packets whose destination IP addresses cannot be resolved, the switch generates a large number of ARP Miss messages, delivers temporary ARP entries, and sends many ARP request packets to the destination network. This increases CPU load and consumes bandwidth. To avoid IP packet attacks, configure ARP Miss rate limiting on the switch.

Why doesn't the configured CPCAR value take effect
The CPCAR value is configured in the anti-attack policy view. When this policy is applied to the SRU or LAN interface card, the value takes effect.

How to configure ARP packet rate limiting on S series switches
For S series switches (except S1700 switches), you can limit the rate of ARP packets using one of the following methods as required:
- Limiting the rate of ARP packets based on source MAC addresses (supported by the S5720EI, S5720HI, S6720EI, and all S series modular switches, but not supported by E series switches)
  # Set the maximum rate of ARP packets from the specified MAC address 0-0-1 to 50 pps.
  [HUAWEI] arp speed-limit source-mac 0-0-1 maximum 50
- Limiting the rate of ARP packets based on source IP addresses
  # Set the maximum rate of ARP packets from the specified IP address 10.0.0.1 to 50 pps.
  [HUAWEI] arp speed-limit source-ip 10.0.0.1 maximum 50
- Limiting the rate of ARP packets globally, in a VLAN, or on an interface
  # Configure Layer 2 interface GE0/0/1 to allow 200 ARP packets to pass through in 10 seconds, and to discard all ARP packets for 60 seconds when the number of ARP packets exceeds the limit.
  [HUAWEI] interface gigabitethernet 0/0/1
  [HUAWEI-GigabitEthernet0/0/1] arp anti-attack rate-limit enable
  [HUAWEI-GigabitEthernet0/0/1] arp anti-attack rate-limit packet 200 interval 10 block-timer 60
- Limiting the rate of ARP packets on a VLANIF interface of a super-VLAN
  # Set the maximum rate of broadcasting ARP Request packets on VLANIF interfaces in all super-VLANs to 500 pps.
  [HUAWEI] arp speed-limit flood-rate 500
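
The interface-level limit described above (200 ARP packets in 10 seconds, then a 60-second block) can be modeled to see what a burst does to other ARP traffic on the same interface. This is an added example, not Huawei's implementation or code from this page; the fixed counting intervals starting at t=0, the class and function names, and the traffic are assumptions constructed for illustration.

```python
# Added example: a simplified model, not Huawei's implementation.
from collections import Counter

class ArpRateLimit:
    """Models: arp anti-attack rate-limit packet N interval I block-timer B."""

    def __init__(self, packet=200, interval_s=10, block_timer_s=60):
        self.packet = packet
        self.interval_ms = interval_s * 1000
        self.block_ms = block_timer_s * 1000
        self.window_start = 0      # assumption: fixed windows starting at t=0
        self.count = 0
        self.blocked_until = 0

    def offer(self, t_ms):
        """Return True if an ARP packet arriving at t_ms is forwarded."""
        if t_ms < self.blocked_until:
            return False                        # block-timer running: all ARP dropped
        elapsed = t_ms - self.window_start
        if elapsed >= self.interval_ms:         # a new counting interval begins
            self.window_start += elapsed // self.interval_ms * self.interval_ms
            self.count = 0
        self.count += 1
        if self.count > self.packet:            # limit exceeded: start the block timer
            self.blocked_until = t_ms + self.block_ms
            self.window_start, self.count = self.blocked_until, 0
            return False
        return True

def simulate(events, **limits):
    """events: (t_ms, source) pairs. Returns {source: (forwarded, dropped)}."""
    limiter, fwd, drop = ArpRateLimit(**limits), Counter(), Counter()
    for t_ms, source in sorted(events):
        (fwd if limiter.offer(t_ms) else drop)[source] += 1
    return {s: (fwd[s], drop[s]) for s in sorted(set(fwd) | set(drop))}

# Constructed traffic on one interface: a host sending 1 ARP/s for 120 s,
# and a 500-packet burst (1 packet/ms) starting at t = 30 s.
HOST = [(s * 1000, "host") for s in range(120)]
BURST = [(30_000 + i, "burst") for i in range(500)]

if __name__ == "__main__":
    print(simulate(HOST))
    print(simulate(HOST + BURST))
```

Under this model the burst also costs the well-behaved host 60 of its 120 ARP packets, because the block timer discards all ARP on the interface; weigh that when choosing the block-timer value.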
