Manualshelf

Troubleshooting guide

ManualsBrandsAlcatel ManualsComputer equipment2.2-R02
71727374757677787980
3 — NE user and device security
3-4 Alcatel-Lucent 5620 Service Aware Manager
5620 SAM
System Administrator Guide
3.3 CPM filters and traffic management
Device CPMs provide dedicated traffic management and queuing hardware to
protect the control plane. You can use CPM filters to specify which types of traffic
to accept or deny, and to allocate and rate-limit the shaping queues for traffic directed
to the CPMs.
The 5620 SAM supports the following CPM traffic management functions:
traffic classification using CPM filters
Packets going to the CPM are first classified by the IOM into forwarding classes
before recognition by the CPM hardware. You can use CPM filters to further
classify the packets using L3/L4 information, for example, destination IP, DSCP
value, and TCP SYN/ACK.
queue allocation
Queues 1 — 8 are the default queues. They cannot be modified or deleted.
Unclassified traffic is directed to the default queues.
Queues 9 — 32 are reserved for future use.
Queues 33 — 2000 are available for allocation.
Queues 2001 — 8000 are used for per-peer queuing.
queue configuration
PIR
CIR
CBS
MBS
3.4 DoS protection
The 5620 SAM supports the use of DoS protection on network and access interfaces.
To protect NEs from the high incoming packet rates that characterize DoS attacks,
you can use the 5620 SAM to configure DoS protection for the following scenarios:
the arrival of unprovisioned link-layer protocol packets that are received from CE
devices in the core network
the arrival of excessive subscriber control-plane packets on L2 or L3 access
interfaces in aggregation networks
the arrival of excessive Ethernet CFM frames on L2 and L3 access interfaces,
SAPs, and SDP bindings, based on a combination of CFM OpCode and
MEG-level values
Note 1 — The 7705 SAR does not support Queue filters or MAC
CPM IP filters.
Note 2 — There is no partial distribution of CPM IP filter policies to
a 7705 SAR. When you distribute a CPM IP Filter policy to a
7705 SAR, every entry, property, and value in the policy must be
supported by the NE, or the policy distribution to the 7705 SAR is
blocked.
Release 13.0 R2 | May 2015 | 3HE 09815 AAAB TQZZA Edition 01