Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1640
Views
5
Helpful
4
Replies

pppoe session throttle

Go to solution
Kijush Maharjan
Level 1
Level 1

‎03-12-2017 12:14 PM

I am current testing BNG in ASR9k. And, I wanted to block the mac address of subscribers who continuously sends PADR with wrong information. 

I found there is configurations of pppoe session throttle but i am a bit confused about the values.

(config-bbagroup)#sessions mac throttle 10 1 30

Does this mean that the per mac address is blocked for 20 minutes who tries 10 times within a minute? 

Please shade some light into my confusion. I hope the requirements are clear.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
xthuijs
Cisco Employee
Cisco Employee
In response to Kijush Maharjan

‎03-19-2017 04:25 PM

ah great kijush! yeah for the flow trap, also known as EFTP (elephant flow trap policer) you can check this ref for some more and detail and as always here too :)

cheers!

xander

View solution in original post

0 Helpful
4 Replies 4

Go to solution
xthuijs
Cisco Employee
Cisco Employee

‎03-13-2017 12:42 PM

hi kijush, mins would be a little crazy :) it is per second.

so in this configlet, if there are 10 requests in a second we block this mac for 30 seconds that is not processing his stuff.

Note that the NPU will *still* punt the PADx to the RP/LC cpu, but the receiving PPPoE manager will discard that request and not process it further.

If you want to go down to the hardware, look at the elephant trap feature, that is a per subscriber punt policer whereby we can penalize a abusive subscriber sending excessive punt traffic, whether that be PADx or anything the like and put them on the naughty spot for a period, super nanny would say!

cheers!

xander

Go to solution
Kijush Maharjan
Level 1
Level 1
In response to xthuijs

‎03-19-2017 10:18 AM

Hi Xander,

Thank you for the explanation. I got the logic how i should use the mac throttle now.

But i am more exploring on the one you suggested i.e Elephant trap feature. I think it has lot more control over mac throttle as well as other things too. However, let me explore into it and will drop any needed explanations and suggestions.

Thanks,

Kijush

0 Helpful

Go to solution
xthuijs
Cisco Employee
Cisco Employee
In response to Kijush Maharjan

‎03-19-2017 04:25 PM

ah great kijush! yeah for the flow trap, also known as EFTP (elephant flow trap policer) you can check this ref for some more and detail and as always here too :)

cheers!

xander

0 Helpful

Go to solution
Kijush Maharjan
Level 1
Level 1
In response to xthuijs

‎03-19-2017 09:36 PM

Thanks xander. I have already started working on EFTP...

Cheers.

0 Helpful
Customers Also Viewed These Support Documents