Usage¶

In this section, it is assumed that Virtual Accelerator has been properly installed and configured. See Getting Started for more details.

How value 0 is handled¶

All policers handled by the traffic conditioner module are composed of 1 or 2 conditions. Each condition is a trTCM, itself made of 2 token buckets, a committed token bucket (CIR and CBS) and an optional excess token bucket (EIR and EBS).

The API accepts the configuration of single-condition or double-condition policers with some parameters set to 0, and applies the corrections necessary to make it a valid configuration.

For each condition of a policer:

if the CIR or the CBS is zero, then CIR, CBS, EIR and EBS are set to zero by the API. No rate limit will be performed.
if the EIR or the EBS is zero, then both are set to zero by the API. Only committed traffic will be accepted.

Then:

if one of the conditions of a double-condition policer CBS is zero (it may be the first or the second condition), then the policer is transformed into a single-condition policer with the other condition parameters. The resulting single-policer CBS may anyhow be zero (in this case, no rate limit will be performed).

Consequently:

a token bucket rate and burst size are always both zero or both non-zero.
a double-condition policer will never have a zero CIR or zero CBS.
a single-condition policer may have a zero CBS.

Finally, a single-condition policer with zero CBS is bypassed. However, it is not the best way to disable rate limiting, because code is executed to determine that the traffic conditioner must eventually be bypassed. The good way to disable rate limiting is to delete the policer.

Configuring a traffic conditioner attached to an interface in the fast path¶

TC can be set per interface and per direction. The rate limiting can be applied separately for incoming and outgoing packets on a given interface.

The fast path implements a proxy over the NETFPC channel to allow fp-cli to interact with the FPN-SDK API.

tc-iface-add¶

Configure a traffic conditioner attached to an interface:

# tc-iface-add <iface> ingress|egress <CIR> <CBS> <EIR> <EBS> [G|M|K]pps|bps

Parameters

<iface>

Interface name, physical interface or virtual interface.

ingress|egress

Direction.

<CIR>

CIR. Expressed in:

multiples of bps
multiples of pps

<CBS>

CBS. Expressed in:

bytes
packets

A committed depth of 0 disables a traffic conditioner (see How value 0 is handled).

<EIR>

EIR. Expressed in the same unit as CIR.

<EBS>

EBS. Expressed in the same unit as EIR.

[G|M|K]pps|bps

tc-iface-del¶

Delete a traffic conditioner from an interface:

# tc-iface-del <iface> ingress|egress

Parameters

<iface>: Interface name, physical interface or virtual interface.
ingress|egress: Direction.

tc-iface¶

Display traffic conditioner rules configurations:

# tc-iface [<iface> ingress|egress]

Parameters

<iface>: Interface name, physical interface or virtual interface.
ingress|egress: Direction.

tc-iface-stats¶

Display traffic conditioner rules statistics:

# tc-iface-stats [<iface> ingress|egress]

Parameters

<iface>: Interface name, physical interface or virtual interface.
ingress|egress: Direction.

tc-iface-json¶

Display configured traffic conditioners and their statistics in json format:

tc-iface-json [vrfid all|<vrfid>]

Parameters

<vrfid>: Specifies the vrf of interfaces whose traffic conditioner will be displayed. Default 0. all dumps all vrfs.

tc-iface-stats-reset¶

Reset traffic conditioner statistics:

tc-iface-stats-reset [<iface>]

Parameters

<iface>: Interface name, physical interface or virtual interface.

Examples¶

Limit the bandwidth of traffic received on eth2_0 to 4000 Kbps with a maximum burst size of 512000 bytes:
```
tc-iface-add eth2_0 ingress 4000 512000 0 0 Kbps
```
- The CIR is set to 4000*1000 bps = 4000000 bps.
- The CBS is set to 512000 bytes = 4096000 bits.
- The EIR is set to 0 bits.
- The EBS is set to 0 bytes.
Display traffic conditioner rules for a single traffic conditioner:
```
tc-iface eth2_0
```
Display all configured traffic conditioners:
```
tc-iface
```
Display statistics for a single traffic conditioner:
```
tc-iface-stats eth2_0
```
Display all configured traffic statistics:
```
tc-iface-stats
```

Display configured traffic conditioners and their statistics:

tc-iface-json [vrfid all|VRFID]

If no vrfid is specified, only traffic conditioners in vrfid 0 will be
displayed.

Reset statistics on a single traffic conditioner:
```
tc-iface-stats-reset eth2_0
```
Reset all statistics traffic conditioner:
```
tc-iface-stats-reset
```

Configuring a traffic conditioner policer shared by several interfaces in the fast path¶

A traffic conditioner can be shared between several interfaces by creating a shared policer. The traffic flowing through the group of interfaces will consume tokens in the same traffic conditioner.

tc-policer-add¶

Create a shared policer:

tc-policer-add <name> <CIR> <CBS> <EIR> <EBS> [G|M|K]pps|bps [<CIR2> <CBS2> <EIR2> <EBS2> [G|M|K]pps|bps]

Parameters

<name>: Policer name.

Other parameters are identical to those of the tc-iface-add command.

tc-iface-bind¶

Bind an interface ingress or egress to the policer:

tc-iface-bind <iface> ingress|egress <name>

Parameters

<iface>: Interface name, physical interface or virtual interface.
ingress|egress: Direction.
<name>: Policer name.

tc-iface-del¶

Unbind an interface ingress or egress from a policer:

tc-iface-del <iface> ingress|egress

The same command tc-iface-del is used regardless whether the interface is attached to a standalone traffic conditioner or bound to a shared policer. If it is a standalone traffic conditioner, it is deleted. If it is a shared policer, the interface is unbound from the policer, but the policer itself is not deleted.

tc-policer-del¶

Delete a shared policer. All interfaces bound to this policer are unbound:

tc-policer-del <name>

tc-policer¶

Display shared policer configurations:

tc-policer [<name>]

tc-policer-stats¶

Display shared policer statistics:

tc-policer-stats [<name>]

tc-policer-json¶

Display shared policer configurations and their statistics in json format:

tc-policer-json

tc-policer-stats-reset¶

Reset policer statistics:

tc-policer-stats-reset [<name>]

Examples¶

Limit the bandwidth of traffic received on eth1_0 and eth2_0 to 4000 Kbps with a maximum burst size of 512000 bytes, by sharing policer policer1:
```
tc-policer-add policer1 4000 512000 0 0 Kbps

tc-iface-bind eth1_0 ingress policer1
tc-iface-bind eth2_0 ingress policer1
```
Limit the bandwidth of traffic received on eth1_0 to 6000 Kbps with a maximum burst size of 768000 bytes, or 360 pps with a maximum burst size of 360 packets for policer policer2:
```
tc-policer-add policer2 6000 768000 0 0 Kbps 360 360 0 0 pps
tc-iface-bind eth1_0 ingress policer2
```
Display traffic conditioner rules for policer policer1:
```
tc-policer policer1
```
Display statistics for policer policer1:
```
tc-policer-stats policer1
```
Display shared policer configurations and their statistics in json format:
```
tc-policer-json
```
Display traffic conditioner rules for interfaces eth1_0 and eth2_0:
```
tc-iface eth1_0
tc-iface eth2_0
```
Display statistics for interfaces eth1_0 and eth2_0:
```
tc-iface-stats eth1_0
tc-iface-stats eth2_0
```
Unbind eth1_0 ingress from policer policer1:
```
tc-iface-del eth1_0 ingress
```
eth2_0 remains attached to policer1.

Configuring traffic conditioner filters in the fast path¶

A filtered traffic conditioner is applied only for packets that match a filter: the packet is masked at a specified offset, and compared with a value. If they are the same, the packet matches the filter.

For each direction (ingress or egress), an interface has a table a filtered traffic conditioner that can be set. The filters are evaluated sequentially. If a filter entry is unset, the next ones are ignored. When a packet matches a filter matches, the associated policer is selected for this packet. If no filter match, the interface default policer is selected, if any.

The filters are created independently and can be shared between several filtered traffic conditioner.

tc-filter-add¶

Create a shared filter:

tc-filter-add <name> [not] <offset> <hex-mask> <hex-value>

Parameters

<name>: Filter name.
not: Invert the filter.
<offset>: Offset in the packet where the filter should be applied.
<hex-mask>: Hexadecimal mask applied to packet data.
<hex-value>: Expected value after mask is applied.

tc-filter-del¶

Delete a shared filter.

tc-filter-del <name>

<name>: Filter name.

tc-filter¶

Display shared filter configurations:

tc-filter [<name>]

<name>: Filter name.

If name is not specified, all filters are displayed.

tc-filter-stats¶

Display shared filter statistics:

tc-filter-stats [<name>]

<name>: Filter name.

If name is not specified, all filter statistics are displayed.

tc-filter-json¶

Display shared filter configurations and their statistics in json format:

tc-filter-json

tc-filter-stats-reset¶

Reset filter statistics:

tc-filter-stats-reset [<name>]

tc-filter-attach¶

Attach a filter and a policer to the interface filter table.

tc-filter-attach <iface> ingress|egress <index> <filter-name> <policer-name>

<iface>: The name of the interface.
<index>: The index of the filter in the table.
<filter-name>: The name of the existing filter.
<policer-name>: The name of the existing policer.

tc-filter-detach¶

Detach a filter and a policer from an interface.

tc-filter-detach <iface> ingress|egress <index>

<iface>: The name of the interface.
<index>: The index of the filter in the table.

tc-filter-iface¶

Display filters attached to an interface.

tc-filter-iface [<iface>]

<iface>: The name of the interface.

If the interface name is not specified, all interfaces are displayed.

tc-filter-iface-json¶

Display filters attached to interfaces in json format.

tc-filter-iface [vrfid <vrfid>|all]

<vrfid>: The vrf of interfaces whose traffic conditioner filters will be displayed. If not specified, display the ones from current vrf.

Examples¶

Limit the bandwidth of broadcast traffic received on eth1_0 and eth2_0 to 4000 Kbps with a maximum burst size of 512000 bytes.

Limit traffic from a specific mac address 00:09:C0:10:10:10 to 8000 Kbps with a maximum burst size of 1024000 bytes.

Limit the rest of the traffic to 100 Mbps with a maximum burst size of 12800000 bytes.

tc-policer-add broadcast-pol 4000 512000 0 0 Kbps
tc-policer-add src-mac-pol 8000 1024000 0 0 Kbps
tc-policer-add default-pol 100 12800000 0 0 Mbps
tc-filter-add broadcast-filt 0 ffffffffffff ffffffffffff
tc-filter-add src-mac-filt 6 ffffffffffff 0009C0101010

tc-filter-attach eth1_0 ingress 0 broadcast-filt broadcast-pol
tc-filter-attach eth2_0 ingress 0 broadcast-filt broadcast-pol
tc-filter-attach eth1_0 ingress 1 src-mac-filt src-mac-pol
tc-filter-attach eth2_0 ingress 1 src-mac-filt src-mac-pol
tc-iface-bind eth1_0 ingress default-pol
tc-iface-bind eth2_0 ingress default-pol

Display filter broadcast-filt:
```
tc-filter broadcast-filt
```
Display statistics for filter broadcast-filt:
```
tc-filter-stats broadcast-filt
```
Display shared filter configurations and their statistics in json format:
```
tc-filter-json
```
Display filtered traffic conditioner for interfaces eth1_0 and eth2_0:
```
tc-filter-iface eth1_0
tc-filter-iface eth2_0
```
Unbind eth1_0 ingress from filters and policer:
```
tc-filter-detach eth1_0 ingress 0
tc-filter-detach eth1_0 ingress 1
tc-iface-del eth1_0 ingress
```
eth2_0 remains attached to the filtered policers broadcast-pol and src-mac-pol, and to its default policer default-pol.

Configuring a flow-based traffic conditioner rule in the fast path¶

The rate limiting can be applied for packets which match an ip flow. The ip flow is defined by interface, source ip, destination ip and ip protocol.

For physical interfaces, it is possible to rate limit traffic going through an interface and all logical interfaces created on top. It can be used for example to provide a global rate limiter for different VLAN declared on top of the same physical interface. An option is also given to rate-limit traffic without taking into account logical interfaces built on top of a physical interface (e.g. rate limit untagged traffic on a port where some VLANs are defined).

tc-flow-add¶

Description

Add a flow-based traffic conditioner rule.

Synopsis

tc-flow-add <iface> ingress|egress <addr src> <addr dst> <tos>|any <ip proto>|any
            <CIR> <CBS> <EIR> <EBS> [G|M|K]pps|bps <priority>

Parameters

<iface>

interface name, physical interface or virtual interface.

ingress|ingress_all|egress

Direction. The ingress_all direction can be set only on a physical interface to apply the rate limiter to the physical interface and all virtual interfaces built on top. It is not possible, for the same flow, to add an ingress and an ingress_all with different values of rate limiting.

<addr src>

Source ip address, a host ip or a subnet(ADDRESS/MASK), 0.0.0.0/0 means any ip address. For example: 192.168.1.2 or 192.168.1.0/24.

<addr dst>

Destination ip address, a host ip or a subnet(ADDRESS/MASK), 0.0.0.0/0 means any ip address. For example: 192.168.1.2 or 192.168.1.0/24.

<tos>|any

ToS value, “any” means any DSCP value.

<ip proto>|any

IP protocol number, “any” means any IP protocol.

<CIR>

CIR. Expressed in:

multiples of bps
multiples of pps

<CBS>

CBS. Expressed in:

bytes
packets

A committed depth of 0 disables a flow-based traffic conditioner rule (see How value 0 is handled).

<EIR>

EIR. Expressed in the same unit as CIR.

<EBS>

EBS. Expressed in the same unit as CBS.

[G|M|K]pps|bps

<priority>

Without priority second rule could be matched before the first one, even through we specifically try to reach the specified host.

Example

Limit the bandwidth of traffic received on eth2_0 from 10.24.3.92 to 10.22.3.91 to 4000 Kbps with a maximum burst size of 512000 bytes:

<fp-0> tc-flow-add eth2_0 ingress 10.24.3.92 10.22.3.91 any any 4000 512000 0 0 Kbps 1

The CIR is set to 4000*1000 bps = 4000000 bps.
The CBS is set to 512000 bytes = 4096000 bits.
The EIR is set to 0 bits.
The EBS is set to 0 bytes.

tc-flow-del¶

Description

Delete the specified flow-based traffic conditioner, either by ID or by flow.

Synopsis

tc-flow-del id <id>
or
tc-flow-del <iface> ingress|egress <addr src> <addr dst> <tos>|any <ip proto>|any

Parameters

<id>: Each tc flow rule has an ID. The id number can be shown by tc-flow command.
<iface>: interface name, physical interface or virtual interface.
ingress|ingress_all|egress: Direction.
<addr src>: Source ip address, a host ip or a subnet(ADDRESS/MASK), 0.0.0.0/0 means any ip address. For example: 192.168.1.2 or 192.168.1.0/24.
<addr dst>: Destination ip address, a host ip or a subnet(ADDRESS/MASK), 0.0.0.0/0 means any ip address. For example: 192.168.1.2 or 192.168.1.0/24.
<tos>|any: ToS value, “any” means any DSCP value.
<ip proto>|any: IP protocol number, “any” means any IP protocol.

tc-flow-add6¶

Description

Add an IPv6 flow-based traffic conditioner rule.

Synopsis

tc-flow-add6 <iface> ingress|ingress_all|egress <addr src> <addr dst> <tc>|any <next header>|any
            <CIR> <CBS> <EIR> <EBS> [G|M|K]pps|bps <priority>

Parameters

<iface>

interface name, physical or virtual interface.

ingress|egress

Direction. The ingress_all direction can be set only on a physical interface to apply the rate limiter to the physical interface and all virtual interfaces built on top. It is not possible, for the same flow, to add an ingress and an ingress_all with different values of rate limiting.

<addr src>

Source ip address, a host ip or a subnet(ADDRESS/MASK).

:: means any IPv6 address.

Example: 2001:DB8:1::/48.

<addr dst>

Destination ip address, a host ip or a subnet(ADDRESS/MASK).

:: means any IPv6 address.

Example: 2001:DB8:2::/48.

<tc>|any

Traffic Class of the flow, “any” meaning any class.

<next header>|any

Next header protocol, “any” means any protocol.

<CIR>

CIR. Expressed in:

multiples of bps
multiples of pps

<CBS>

CBS. Expressed in:

bytes
packets

A committed depth of 0 disables a flow-based traffic conditioner rule (see How value 0 is handled).

<EIR>

EIR. Expressed in the same unit as CIR.

<EBS>

EBS. Expressed in the same unit as CBS.

[G|M|K]pps|bps

<priority>: Priority of the flow-based traffic conditioner rule among others, it is meant to allow priority to ensure more precise flow to be matched first, and the more generic flows after.

Example

Limit the bandwidth of traffic received on eth2_0 from 2001:DB8:1::1 to 2001:DB8:2::1 to 4000 Kbps with a maximum burst size of 512000 bytes:

<fp-0> tc-flow-add6 eth2_0 ingress 2001:DB8:1::1 2001:DB8:2::1 any any 4000 512000 0 0 Kbps 1

The CIR is set to 4000*1000 bps = 4000000 bps.
The CBS is set to 512000 bytes = 4096000 bits.
The EIR is set to 0 bits.
The EBS is set to 0 bytes.

tc-flow-del6¶

Description

Delete the specified IPv6 flow-based traffic conditioner, either by ID or by flow.

Synopsis

tc-flow-del6 id <id>
or
tc-flow-del6 <iface> ingress|egress <addr src> <addr dst> <tc>|any <next header>|any

Parameters

<id>

Each tc flow rule has an ID. The id number can be shown by tc-flow command.

<iface>

interface name, physical or virtual interface.

ingress|ingress_all|egress

Direction.

<addr src>

Source ip address, a host ip or a subnet(ADDRESS/MASK).

:: means any IPv6 address.

Example: 2001:DB8:1::/48.

<addr dst>

Destination ip address, a host ip or a subnet(ADDRESS/MASK).

:: means any IPv6 address.

Example: 2001:DB8:2::/48.

<tc>|any

Traffic Class of the flow, “any” meaning any class.

<next header>|any

tc-flow¶

Description

List one or all configured flow-based traffic conditioner.

Synopsis

tc-flow [<iface>] [ingress|egress]

Parameters

<iface>: Interface name. Optional. If interface is set, only rules on this interface are displayed.
ingress|egress: Direction. Optional. If direction is set, only rules matching the direction are displayed.

Example

<fp-0> tc-flow
Ingress TC: 1 rules
1: eth2_0 ingress 10.24.3.92/32 10.22.3.91/32 any 1 priority 1 (IPv4)
     CIR 4 Mbps
     CBS 512000
     EIR 0 bps
     EBS 0
Egress  TC: 0 rules

tc-flow-stats¶

Description

Dump statistics of the specified flow-based traffic conditioner. The packet/byte number of the 3 marked colors(Green/Yellow/Red) are displayed.

Synopsis

tc-flow-stats id <id>

Parameters

ID: Each tc flow rule has an ID. The id number can be shown by tc-flow command.

Example

<fp-0> tc-flow-stats id 1
Green  19940 packets 1674960 bytes
Yellow 0 packets 0 bytes
Red    114782 packets 9641688 bytes

tc-flow-stats-reset¶

Description

Reset the statistics of the specified flow-based traffic conditioner. The packet/byte number of the 3 marked colors will be set to 0.

Synopsis

tc-flow-stats-reset id <id>

Parameters

ID: Each tc flow rule has an ID. The id number can be shown by tc-flow command.

Providing options¶

There are 3 parameters provided by this module:

hash-order is the order of the hash table (1 << hash-order)
max-flows is the maximum number of flows.
timeout is the idle duration (in seconds) before one flow hash node is deleted.

You can dynamically set the 3 parameters when starting the fast path:

Hash order with option --mod-opt=tc-flow:--hash-order=<hash-order>. Default is 10.
Maximum number of flows with option --mod-opt=tc-flow:--max-flows=<flow-number>. Default is 10000.
Timeout with option --mod-opt=tc-flow:--timeout=<timeout-value>. Default is 5.

Note

See Fast Path Capabilities documentation for impact of the available memory on the default value of configurable capabilities

Configuring the global exception rate limitation¶

Critical control traffic filtering switch¶

Description

Enable or disable critical control traffic filtering for the global exception rate limit. This switch is enabled by default.

Synopsis

tc-erl-cp-prot-set [on|off]

Parameters

on: Enable critical control traffic filtering.
off: Disable critical control traffic filtering.

Example

<fp-0> tc-erl-cp-prot-set off

Displaying critical control traffic filtering switch status¶

Synopsis

tc-erl-cp-prot

Example

<fp-0> tc-erl-cp-prot
Critical control traffic filtering: off

Setting the global exception rate limitation¶

Synopsis

tc-erl-add <CIR> <CBS> <EIR> <EBS> [G|M|K]pps|bps

Parameters

<CIR>

CIR. Expressed in:

multiples of bps
multiples of pps

<CBS>

CBS. Expressed in:

bytes
packets

A committed depth of 0 disables a traffic conditioner rule. (see How value 0 is handled).

<EIR>

EIR. Expressed in the same unit as CIR.

<EBS>

EBS. Expressed in the same unit as CBS.

[G|M|K]pps|bps

Example

<fp-0> tc-erl-add 4000 512000 0 0 Kbps

Deleting the global exception rate limitation¶

Synopsis

tc-erl-del

Example

<fp-0> tc-erl-del

Displaying the global exception rate limitation¶

Synopsis

tc-erl

Example

<fp-0> tc-erl
tc-erl rule:
   CIR = 4095996 bps
   CBS = 512000
   EIR = 0 bps
   EBS = 0

Displaying the global exception rate limitation statistics¶

Synopsis

tc-erl-stats

Example

<fp-0> tc-erl-stats
tc-erl statistics:
   Green  0 packets 0 bytes
   Yellow 0 packets 0 bytes
   Red    0 packets 0 bytes
   Number of times over rate limit: 0

Resetting the global exception rate limitation statistics¶

Synopsis

tc-erl-stats-reset

Example

<fp-0> tc-erl-stats-reset

Configuring exception rate limitation per input port¶

ERL rules may be attached to an input port. The rate limitation is applied to exceptions based on their arrival network port (not on their current physical or logical interface).

Critical control plane traffic (ARP, ICMP, routing protocols, IKE…) bypasses this kind of ERL rule.

The global ERL rule, if any, is also verified and applied.

Setting an exception rate limitation on a port¶

Synopsis

tc-erl-port-add <port_name> <CIR> <CBS> <EIR> <EBS> [G|M|K]pps|bps

Parameters

<port_name>

Port name (interface name given to the port). This interface name may reference a physical port or vport, but not a logical interface.

<CIR>

CIR. Expressed in:

multiples of bps
multiples of pps

<CBS>

CBS. Expressed in:

bytes
packets

A committed depth of 0 disables a traffic conditioner rule. (see How value 0 is handled).

<EIR>

EIR. Expressed in the same unit as CIR.

<EBS>

EBS. Expressed in the same unit as CBS.

[G|M|K]pps|bps

Example

<fp-0> tc-erl-port-add eth0 4000 512000 0 0 Kbps

Note

Although the port is referenced by an interface name, the rule is attached to the port itself, and will remain attached even if the interface name or vrfid change.

Deleting an exception rate limitation on a port¶

Synopsis

tc-erl-port-del <port_name>

Parameters

<port_name>: Port name.

Example

<fp-0> tc-erl-port-del eth0

Displaying per-port exception rate limitations¶

Synopsis

tc-erl-port [<port_name>]

Parameters

<port_name>: Optional port name. All ports if unspecified.

Example

<fp-0>  tc-erl-port
eth0-vrf0:
   CIR = 4 Mbps
   CBS = 512000
   EIR = 0 bps
   EBS = 0
eth1-vrf0:
   CIR = 100 pps
   CBS = 4
   EIR = 20 pps
   EBS = 2

Displaying statistics of per-port exception rate limitation¶

Synopsis

tc-erl-port-stats [<port_name>]

Parameters

<port_name>: Optional port name. All ports if unspecified.

Example

<fp-0> tc-erl-port-stats eth0
eth0-vrf0:
   Green  2543 packets 3838657 bytes
   Yellow 0 packets 0 bytes
   Red    488 packets 738832 bytes
   Number of times over rate limit: 3

<fp-0> tc-erl-port-stats
eth0-vrf0:
   Green  2543 packets 3838657 bytes
   Yellow 0 packets 0 bytes
   Red    488 packets 738832 bytes
   Number of times over rate limit: 3
eth1-vrf0:
   Green  3 packets 675 bytes
   Yellow 0 packets 0 bytes
   Red    0 packets 0 bytes
   Number of times over rate limit: 0

Resetting statistics of per-port exception rate limitation¶

Synopsis

tc-erl-port-stats-reset [<port_name>]

Parameters

<port_name>: Optional port name. All ports if unspecified.

Example

<fp-0> tc-erl-port-stats-reset eth0

<fp-0> tc-erl-port-stats-reset

Configuring exception rate limitation DSCP classes¶

Setting an exception rate limitation DSCP class¶

Synopsis

tc-erl-dscp-class-set <dscp_value> <dscp_class>

Parameters

<dscp_value>

TOS value to be associated with a DSCP class.

Can be expressed in base 10 or 16, if preceded with ‘0x’.

<dscp_class>

DSCP class of the value.

Example

<fp-0> tc-erl-dscp-class-set 0x20 3
<fp-0> tc-erl-dscp-class-set 34 3

Resetting an exception rate limitation DSCP class¶

Synopsis

tc-erl-dscp-class-reset [<dscp_class>]

Parameters

<dscp_class>

Optional DSCP class to be reset.

If none is provided, all DSCP classes are reset.

Example

<fp-0> tc-erl-dscp-class-reset 3

Displaying an exception rate limitation DSCP class¶

Synopsis

tc-erl-dscp-class [<dscp_class>]

Parameters

<dscp_class>

Optional DSCP class to be displayed.

If none is provided, all DSCP classes are displayed.

Example

<fp-0> tc-erl-dscp-class 3
<fp-0> tc-erl-dscp-class

Adding an exception rate limitation DSCP filter¶

Synopsis

tc-erl-dscp-cp-filter-add <if_name> <dscp_class>

Parameters

<if_name>

Interface name, physical or virtual.

Each interface uses a filter slot, which are limited to 16.

<dscp_class>

The DSCP class to be prioritized. Any packet having a DSCP value associated with this class and originating from this interface will be matched, marking this packet as high-priority.

The values any or all can be used to match all packets originating from this interface.

Example

<fp-0> tc-erl-dscp-cp-filter-add eth0 3
<fp-0> tc-erl-dscp-cp-filter-add eth1 any

Deleting an exception rate limitation DSCP filter¶

Synopsis

tc-erl-dscp-cp-filter-del <if_name> <dscp_class>

Parameters

<if_name>

Interface name, physical or virtual.

<dscp_class>

The DSCP class currently matched.

The values any or all can be used to completely remove the filter from this interface, freeing a slot for a new filter to be inserted eventually.

Example

<fp-0> tc-erl-dscp-cp-filter-del eth1 3
<fp-0> tc-erl-dscp-cp-filter-del eth0 all

Displaying an exception rate limitation DSCP filter¶

Synopsis

tc-erl-dscp-cp-filter [if_name]

Parameters

[if_name]: Optional interface name, physical or virtual. If provided, only the CP filter associated with this interface is displayed.

Example

<fp-0> tc-erl-dscp-cp-filter eth1
<fp-0> tc-erl-dscp-cp-filter

Adding an exception rate limitation DSCP traffic conditioner rule¶

Synopsis

tc-erl-if-dscp-add <if_name> <dscp_class> <CIR> <CBS> <EIR> <EBS> [G|M|K]pps|bps

Parameters

Each traffic conditioner rule uses a slot, which are limited to 16.

<if_name>

Interface name, physical or virtual.

<dscp_class>

The DSCP class to be rate-limited. If set, only packets having DSCP value of this class will be matched by the associated traffic conditioner rule. If set, any packet having a DSCP value associated with this class and originating from this interface will be matched, and the traffic conditioner rule will be applied.

The values any or all can be used to signify that any DSCP value (even 0) would match the traffic conditioner rule.

Several traffic conditioner rules can be set for the same interface, if their associated DSCP classes are different. In some cases, when the specified DSCP class is any or all, then the most specific rule applies first (the one with a specific DSCP class), then the catch-all rule will match (DSCP class is any or all).

If a new rule is given for an (if_name, DSCP class) pair, the old one is updated with the new parameters.

<CIR>

CIR. Expressed in:

multiples of bps
multiples of pps

<CBS>

CBS. Expressed in:

bytes
packets

A committed depth of 0 disables a traffic conditioner rule. (see How value 0 is handled).

<EIR>

EIR. Expressed in the same unit as CIR.

<EBS>

EBS. Expressed in the same unit as CBS.

[G|M|K]pps|bps

Example

<fp-0> tc-erl-if-dscp-add eth0 any 152000 4000 0 0 Kbps
<fp-0> tc-erl-if-dscp-add eth1 3 152000 4000 0 0 Kbps

Deleting an exception rate limitation DSCP traffic conditioner rule¶

Synopsis

tc-erl-if-dscp-del <if_name> <dscp_class> [<CIR> <CBS> <EIR> <EBS> [G|M|K]pps|bps]

Parameters

<if_name>

Interface name, physical or virtual.

<dscp_class>

The DSCP class of the rule to be deleted.

Specifying any or all will only delete the traffic conditioner rule matching any or all DSCP class. All other rules with a specific DSCP class are kept.

All other parameters are purely optional and are only accepted for ease-of-use.

Example

<fp-0> tc-erl-if-dscp-del eth0 any 152000 4000 0 0 Kbps
<fp-0> tc-erl-if-dscp-del eth1 3

Displaying an exception rate limitation DSCP traffic conditioner rule¶

Synopsis

tc-erl-if-dscp [<if_name> [<dscp_class>]]

Parameters

<if_name>

Interface name, physical or virtual.

If none provided, all DSCP traffic conditioner rules are displayed.

<dscp_class>

The DSCP class of the rule to be displayed.

If none provided and if_name is given, all rules on this interface are shown.

Example

<fp-0> tc-erl-if-dscp
eth1-vrf0:
  DSCP = 4
   CIR = 24 Mpps
   CBS = 5000
   EIR = 0 pps
   EBS = 0
eth2-vrf0:
  DSCP = Any
   CIR = 152 Mpps
   CBS = 4000
   EIR = 0 pps
   EBS = 0
eth2-vrf0:
  DSCP = 4
   CIR = 152 Mpps
   CBS = 4000
   EIR = 0 pps
   EBS = 0

<fp-0> tc-erl-if-dscp eth2
eth2-vrf0:
  DSCP = Any
   CIR = 152 Mpps
   CBS = 4000
   EIR = 0 pps
   EBS = 0
eth2-vrf0:
  DSCP = 4
   CIR = 152 Mpps
   CBS = 4000
   EIR = 0 pps
   EBS = 0

<fp-0> tc-erl-if-dscp eth2 any
eth2-vrf0:
  DSCP = Any
   CIR = 152 Mpps
   CBS = 4000
   EIR = 0 pps
   EBS = 0

Displaying exception rate limitation DSCP traffic conditioner rule statistics¶

Synopsis

tc-erl-if-dscp-stats [<if_name> [<dscp_class>]]

Parameters

<if_name>

Interface name, physical or virtual.

If none provided, all DSCP traffic conditioner rule statistics are displayed.

<dscp_class>

The DSCP class of the rule statistics to be displayed.

If none provided and if_name is given, all rule statistics on this interface are shown.

Example

<fp-0> tc-erl-if-dscp-stats
eth1-vrf0:
  DSCP = 4
   Green  0 packets 0 bytes
   Yellow 0 packets 0 bytes
   Red    0 packets 0 bytes
eth2-vrf0:
  DSCP = Any
   Green  0 packets 0 bytes
   Yellow 0 packets 0 bytes
   Red    0 packets 0 bytes
eth2-vrf0:
  DSCP = 4
   Green  0 packets 0 bytes
   Yellow 0 packets 0 bytes
   Red    0 packets 0 bytes

<fp-0> tc-erl-if-dscp-stats eth2
eth2-vrf0:
  DSCP = Any
   Green  0 packets 0 bytes
   Yellow 0 packets 0 bytes
   Red    0 packets 0 bytes
eth2-vrf0:
  DSCP = 4
   Green  0 packets 0 bytes
   Yellow 0 packets 0 bytes
   Red    0 packets 0 bytes

<fp-0> tc-erl-if-dscp-stats eth2 any
eth2-vrf0:
  DSCP = Any
   Green  0 packets 0 bytes
   Yellow 0 packets 0 bytes
   Red    0 packets 0 bytes

Resetting exception rate limitation DSCP traffic conditioner rule statistics¶

Synopsis

tc-erl-if-dscp-stats-reset [<if_name> <dscp_class>]

Parameters

Either no parameters should be provided, or both if_name and DSCP class.

<if_name>

Interface name, physical or virtual.

If none provided, all DSCP traffic conditioner rule statistics are reset.

<dscp_class>

The DSCP class of the rule whose statistics will be reset

Example

<fp-0> tc-erl-if-dscp-stats-reset
<fp-0> tc-erl-if-dscp-stats-reset eth2 any

Configuring exception rate limitation rules per exception class¶

Mapping an exception class to a generic class¶

Synopsis

This function will map an exception class to a generic class.

A traffic conditioner rule is configured for each generic class, which is applied to any exception mapped to this generic class.

Several exception classes can be mapped to the same generic class.

tc-erl-class-exc-map <exception_class> <generic_class>

Parameters

<exception_class>

The exception class to map. Acceptable values are any from:

FPTUN_EXC_SP_FUNC
FPTUN_EXC_ETHER_DST
FPTUN_EXC_IP_DST
FPTUN_EXC_ICMP_NEEDED
FPTUN_EXC_NDISC_NEEDED
FPTUN_EXC_IKE_NEEDED
FPTUN_EXC_FPC
FPTUN_EXC_NF_FUNC
FPTUN_EXC_TAP
FPTUN_EXC_REPLAYWIN
FPTUN_EXC_ECMP_NDISC_NEEDED
FPTUN_EXC_SOCKET
FPTUN_EXC_IP_PMTU

The FPTUN_EXC_ prefix can be left out. The input is case-insensitive.

icmp_needed is strictly equivalent to FPTUN_EXC_ICMP_NEEDED.

<generic_class>

Example

<fp-0> tc-erl-class-exc-map FPTUN_EXC_ICMP_NEEDED 3
<fp-0> tc-erl-class-exc-map NDISC_NEEDED 3
<fp-0> tc-erl-class-exc-map tap 3

Unmapping an exception class from a generic class¶

Synopsis

This function resets the map from an exception class to a generic class. Essentially, it will set the generic class of this exception to the default generic class, unbinding this exception class from the traffic conditioner rule configured for its previous generic class.

tc-erl-class-exc-unmap <exception_class>

Parameters

<exception_class>

The exception class to unmap. Acceptable values are any from:

FPTUN_EXC_SP_FUNC
FPTUN_EXC_ETHER_DST
FPTUN_EXC_IP_DST
FPTUN_EXC_ICMP_NEEDED
FPTUN_EXC_NDISC_NEEDED
FPTUN_EXC_IKE_NEEDED
FPTUN_EXC_FPC
FPTUN_EXC_NF_FUNC
FPTUN_EXC_TAP
FPTUN_EXC_REPLAYWIN
FPTUN_EXC_ECMP_NDISC_NEEDED
FPTUN_EXC_SOCKET
FPTUN_EXC_IP_PMTU

The FPTUN_EXC_ prefix can be left out. The input is case-insensitive.

icmp_needed is strictly equivalent to FPTUN_EXC_ICMP_NEEDED.

Example

<fp-0> tc-erl-class-exc-unmap FPTUN_EXC_ICMP_NEEDED
<fp-0> tc-erl-class-exc-unmap NDISC_NEEDED
<fp-0> tc-erl-class-exc-unmap tap

Displaying the exception to generic class map¶

Synopsis

This function will show the current configured mapping from exception classes to generic classes.

tc-erl-class-exc [<exception_class>]

Parameters

<exception_class>

The optional exception class to display. If not set, all exception classes are shown.

Acceptable values are any from:

FPTUN_EXC_SP_FUNC
FPTUN_EXC_ETHER_DST
FPTUN_EXC_IP_DST
FPTUN_EXC_ICMP_NEEDED
FPTUN_EXC_NDISC_NEEDED
FPTUN_EXC_IKE_NEEDED
FPTUN_EXC_FPC
FPTUN_EXC_NF_FUNC
FPTUN_EXC_TAP
FPTUN_EXC_REPLAYWIN
FPTUN_EXC_ECMP_NDISC_NEEDED
FPTUN_EXC_SOCKET
FPTUN_EXC_IP_PMTU

The FPTUN_EXC_ prefix can be left out. The input is case-insensitive.

icmp_needed is strictly equivalent to FPTUN_EXC_ICMP_NEEDED.

Example

<fp-0> tc-erl-class-exc
Exception:              Class:
FPTUN_EXC_ICMP_NEEDED : 003
FPTUN_EXC_NDISC_NEEDED: 003
FPTUN_EXC_TAP         : 003

Configuring a classful traffic conditioner rule¶

Synopsis

Each generic classes can be configured with its own traffic conditioner rule.

This traffic conditioner rule will be applied to any packets matching this generic class, such as exceptions of a class mapped to this generic class.

tc-erl-class-set <generic_class> <CIR> <CBS> <EIR> <EBS> [G|M|K]pps|bps

Parameters

<generic_class>

The generic class of the traffic conditioner rule.

<CIR>

CIR. Expressed in:

multiples of bps
multiples of pps

<CBS>

CBS. Expressed in:

bytes
packets

A committed depth of 0 disables a traffic conditioner rule. (see How value 0 is handled).

<EIR>

EIR. Expressed in the same unit as CIR.

<EBS>

EBS. Expressed in the same unit as CBS.

[G|M|K]pps|bps

Example

<fp-0> tc-erl-class-set 1 152000 4000 0 0 Kbps
<fp-0> tc-erl-class-set 2 152000 25600 0 0 Kbps

Disabling a classful traffic conditioner rule¶

Synopsis

A generic class traffic conditioner rule can be disabled, while the class mapping remains.

If so, the traffic will be conditioned by the global tc-erl traffic conditioner rule if it is configured, and won’t be rate-limited at all otherwise.

tc-erl-class-reset <generic_class> [<CIR> <CBS> <EIR> <EBS> [G|M|K]pps|bps]

Parameters

<generic_class>: The generic class of the traffic conditioner rule to disable.

All other parameters are optional and will be discarded.

Example

<fp-0> tc-erl-class-reset 1 152000 4000 0 0 Kbps
<fp-0> tc-erl-class-reset 2

Displaying one or more exception rate limitation generic traffic conditioner rule¶

Synopsis

tc-erl-class [<generic_class>]

Parameters

<generic_class>: The (Optional) generic class of the traffic conditioner rule to display. If not set, the traffic conditioner rule of all generic classes are shown.

Example

<fp-0> tc-erl-class
Class 001:
   CIR = 152 Mbps
   CBS = 4000
   EIR = 0 bps
   EBS = 0
Class 002:
   CIR = 152 Mbps
   CBS = 25600
   EIR = 0 bps
   EBS = 0
<fp-0> tc-erl-class 2
Class 002:
   CIR = 152 Mbps
   CBS = 25600
   EIR = 0 bps
   EBS = 0

Displaying the statistics of one or more classful traffic conditioner rule¶

Synopsis

tc-erl-class-stats [<generic_class>]

Parameters

<generic_class>: The (Optional) generic class of the traffic conditioner rule statistics to display. If not set, the statistics of all generic classes traffic conditioner rules are shown.

Example

<fp-0> tc-erl-class-stats
Class 001:
   Green  0 packets 0 bytes
   Yellow 0 packets 0 bytes
   Red    0 packets 0 bytes
Class 002:
   Green  0 packets 0 bytes
   Yellow 0 packets 0 bytes
   Red    0 packets 0 bytes
<fp-0> tc-erl-class-stats 2
Class 002:
   Green  0 packets 0 bytes
   Yellow 0 packets 0 bytes
   Red    0 packets 0 bytes

Resetting the statistics of one or more classful traffic conditioner rule¶

Synopsis

tc-erl-class-stats-reset [<generic_class>]

Parameters

<generic_class>: The (Optional) generic class of the traffic conditioner rule statistics to reset. If not set, the statistics of all generic classes traffic conditioner rules are reset.

Example

<fp-0> tc-erl-class-stats-reset 2
<fp-0> tc-erl-class-stats-reset

Providing options¶

--cp-prot¶

When set to 0, control plane traffic is affected by the exception rate limiter. When set to 1, control plane traffic bypasses the exception rate limiter.

Default value: 1
Range: 0 .. 1

Example

FP_OPTIONS="--mod-opt=tc-erl:--cp-prot=0"

--max-policer¶

Maximum number of tc policers that can be configured.

Default value: 2048 * 2
Memory footprint per tc policer: 768 B
Range: 0 .. 1M

Example

FP_OPTIONS="--mod-opt=tc:--max-policer=100"