Enabling Excessive Punt Flow Trap Processing - Cisco ASR 9000 Series Configuration Manual

Aggregation services router broadband network gateway

Configuring Subscriber Features
Note: The excessive rate required to cause an interface to get trapped has nothing to do with the static punt
rate (e.g. 1500 pps for ICMP). The excessive rate is a rate that is significantly higher than the current average
rate of other control packets being punted. The excessive rate is not a fixed rate, and is dependent on the
current overall punt packet activity.
Once a bad actor is trapped, it is penalty policed on all its punted protocols (ARP, DHCP, PPP, etc.), irrespective
of the protocol that caused it to be identified as a bad actor. A penalty rate of 10 pps is sufficient to allow the
other protocols to function normally. However, if the bad actor is trapped by source MAC address, then all
its packets are dropped.
When an interface is trapped, it is placed in a "penalty box" for a period of time (a default of 15 minutes). At
the end of the penalty timeout, it is removed from penalty policing (or dropping). If there is still an excessive
rate of control packet traffic coming from the remote device, then the interface is trapped again.
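
The trap, penalty and release cycle described above, as an added Python sketch that is not part of the Cisco guide and is not IOS XR code. The detection rule (an interface is excessive when it accounts for more than half of all punted packets) and the names PuntTrapModel, observe, scenario and SHARE_THRESHOLD are assumptions made for illustration; the 10 pps penalty rate and the 15 minute timeout come from the text. It models interface-based trapping only, not the source MAC case.

```python
from dataclasses import dataclass, field

PENALTY_RATE_PPS = 10        # from the page: penalty rate of 10 pps
PENALTY_TIMEOUT_S = 15 * 60  # from the page: default penalty timeout of 15 minutes
SHARE_THRESHOLD = 0.5        # ASSUMPTION: stand-in for "significantly higher" than other flows


@dataclass
class PuntTrapModel:
    """Toy penalty box keyed by interface (hypothetical model, not IOS XR code)."""
    trapped_until: dict = field(default_factory=dict)  # interface -> release time in seconds

    def observe(self, now, rates):
        """rates is {interface: {protocol: offered pps}}; returns the admitted pps."""
        # Release interfaces whose penalty timeout has expired.
        for ifc in [i for i, t in self.trapped_until.items() if now >= t]:
            del self.trapped_until[ifc]
        totals = {ifc: sum(protos.values()) for ifc, protos in rates.items()}
        grand_total = sum(totals.values())
        # Relative detection: the trigger depends on the other flows, not on a fixed rate.
        for ifc, total in totals.items():
            if ifc not in self.trapped_until and grand_total and total / grand_total > SHARE_THRESHOLD:
                self.trapped_until[ifc] = now + PENALTY_TIMEOUT_S
        # A trapped interface is penalty policed on every protocol it punts.
        return {
            ifc: {proto: min(pps, PENALTY_RATE_PPS) if ifc in self.trapped_until else pps
                  for proto, pps in protos.items()}
            for ifc, protos in rates.items()
        }


def scenario(n_quiet):
    """Constructed sample: one interface punting 2000 pps of ARP among n_quiet peers at 20 pps."""
    rates = {"noisy": {"arp": 2000, "dhcp": 5}}
    rates.update({f"sub{i}": {"arp": 20} for i in range(n_quiet)})
    return rates


if __name__ == "__main__":
    few, many = PuntTrapModel(), PuntTrapModel()
    print("3 peers   t=0  :", few.observe(0, scenario(3))["noisy"])     # trapped, policed
    print("3 peers   t=900:", few.observe(900, scenario(3))["noisy"])   # released, trapped again
    print("200 peers t=0  :", many.observe(0, scenario(200))["noisy"])  # same rate, not trapped
```

In this model the same 2000 pps flow is trapped among 3 peers but not among 200, which mirrors the dependence on ambient punt rates stated in the Restrictions.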
Restrictions
These restrictions apply to implementing the Excessive Punt Flow Trap feature:
• This feature does not support interfaces on SIP-700 line cards and ASR 9000 Ethernet Line Card.
• This feature is non-deterministic. In some cases, the Excessive Punt Flow Trap feature can give a false
positive, i.e. it could trap an interface that is sending legitimate punt traffic.
• The Excessive Punt Flow Trap feature traps flows based on the relative rate of different flows; thus, the
behavior depends on the ambient punt rates. A flow that is significantly higher than other flows could
be trapped as a bad actor. Thus the feature is less sensitive when there are many flows, and more sensitive
when there are fewer flows present.
• Sometimes control packet traffic can occur in bursts. The Excessive Punt Flow Trap has safeguards
against triggering on short bursts, but longer bursts could trigger a false positive trap.

Enabling Excessive Punt Flow Trap Processing

Perform this task to enable the Excessive Punt Flow Trap feature for both subscriber and non-subscriber
interfaces. The task also enables you to set the penalty policing rate and penalty timeout for a protocol.
SUMMARY STEPS
1. configure
2. lpts punt excessive-flow-trap subscriber-interfaces
3. lpts punt excessive-flow-trap non-subscriber-interfaces
4. lpts punt excessive-flow-trap penalty-rate protocol penalty_policer_rate
5. lpts punt excessive-flow-trap penalty-timeout protocol time
6. Use the commit or end command.

Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x
OL-28375-03
