Description:
tmnxCpmProtEthCfmPolTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxCpmProtEthCfmPolEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"tmnxCpmProtEthCfmPolTable contains configurable rules (similar to an
Access Control List) used to rate limit the flow of Ethernet
Connectivity Fault Management packets. The table can be used to
minimize the impact of an Eth-CFM Denial of Service attack.
The table extends tmnxCpmProtPolTable, by allowing several
<rate-limit, eth-cfm-level, eth-cfm-opcode> triples to be defined for
a CPM protection policy.
For example, tmnxCpmProtEthCfmPolTable could contain the following
information (where the column labels for the table's index objects are
in upper case):
POLICY ID  ENTRY NUM  Level  Opcode   Rate Limit
---------  ---------  -----  -------  ---------------
250        10         {4}    {10}     100 packets/sec
250        20         {4,6}  {1,3}    200 packets/sec
250        30         {0-7}  {0-255}  300 packets/sec
{0-7} indicates {0, 1, 2, 3, 4, 5, 6, 7}.
Suppose the example configuration above is in place, and an Eth-CFM
PDU arrives on a SAP which has Policy ID 250 configured against it.
If the PDU contains level=4 and opcode=1, the 200 packets/sec rate
limit is applied. Within a Policy ID, the first row (i.e.
the row with the lowest entry number) matching the PDU applies.
Therefore, the third row in the example applies a 300 packets/sec
limit to any PDU which does not match the first or second row.
At most four Policy IDs can have rows in this table. At most 10 rows
are supported per Policy ID.
If the user chooses well-spaced tmnxCpmProtEthCfmPolEntryNum values
(e.g. 10, 20, 30) when initially creating the rows for a particular
tmnxCpmProtPolicyId, it will be possible to add rows in the gaps
later, without reconfiguration.
A prerequisite for creating a row in this table: a row with the same
tmnxCpmProtPolicyId must exist in tmnxCpmProtPolTable. Deleting a row
in tmnxCpmProtPolTable deletes all the rows in this table with
matching tmnxCpmProtPolicyId values."
REFERENCE
"ITU-T Y.1731 Specification, 02/2008"
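The first-match rule from the DESCRIPTION above, as an added Python example (not part of the MIB or of the vendor's software). The rows are the three from the description's example; the names TABLE, check_limits, rate_limit and shadowed_entries are hypothetical. It goes slightly beyond the text by also flagging rows that can never apply because lower-numbered rows already cover every <level, opcode> pair they list.

```python
# Added example: first-match evaluation of tmnxCpmProtEthCfmPolTable-style rows.
# Row values come from the DESCRIPTION's example; all names are hypothetical.
from itertools import product

MAX_ROWS_PER_POLICY = 10   # "At most 10 rows are supported per Policy ID"
MAX_POLICIES = 4           # "At most four Policy IDs can have rows"

# policy id -> {entry num: (levels, opcodes, rate limit in packets/sec)}
TABLE = {
    250: {
        10: ({4}, {10}, 100),
        20: ({4, 6}, {1, 3}, 200),
        30: (set(range(8)), set(range(256)), 300),   # {0-7}, {0-255}
    }
}

def check_limits(table):
    """Reject tables that exceed the documented size limits."""
    if len(table) > MAX_POLICIES:
        raise ValueError("more than four Policy IDs have rows")
    for policy_id, rows in table.items():
        if len(rows) > MAX_ROWS_PER_POLICY:
            raise ValueError(f"policy {policy_id} has more than 10 rows")

def rate_limit(table, policy_id, level, opcode):
    """Return (entry num, rate) of the lowest-numbered matching row.

    None means no row matched; what the device does in that case is not
    stated in this description.
    """
    for entry_num in sorted(table.get(policy_id, {})):
        levels, opcodes, rate = table[policy_id][entry_num]
        if level in levels and opcode in opcodes:
            return entry_num, rate
    return None

def shadowed_entries(table, policy_id):
    """Entry numbers whose <level, opcode> pairs are all matched earlier."""
    covered, shadowed = set(), []
    for entry_num in sorted(table.get(policy_id, {})):
        levels, opcodes, _ = table[policy_id][entry_num]
        pairs = set(product(levels, opcodes))
        if pairs <= covered:
            shadowed.append(entry_num)
        covered |= pairs
    return shadowed
```

A catch-all row given a lower entry number than the specific rows makes every later row unreachable, which is the ordering mistake shadowed_entries reports.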