Administrator Guide
• VLT peer routing enable cases each VLT node will have route entry for link local address of both self and peer VLT node. Peer VLT
link local entry will have egress port as ICL link. And Actual link local address will have entry to CopyToCpu. But NDP packets
destined to peer VLT node needs to be taken to CPU and tunneled to the peer VLT node..
• NDP packets in VLT peer routing disable case
• NDP packets intended to peer VLT chassis taken to CPU and tunnel to peer.
The following table describes the protocol to queue mapping with the CPU queues increased to be 12.
Table 15. Redirecting Control Traffic to 12 CPU queues
CPU Queue Weights Rate (pps) Protocol
0 100
1300 BFD
1 1 300 MC
2 2 300 TTL0, TTL1, IP with options, Mac limit violation, Hyper
pull, L3 with Bcast MacDA, Unknown L3, ARP
unresolved, ACL Logging
3 4 400 sFlow, L3 MTU Fail frames
4 127 2000 IPC/IRC, VLT Control frames
5 16 300 ARP Request, NS, RS, iSCSI OPT Snooping
6 16 400 ICMP, ARP Reply, NTP, Local terminated L3, NA,
RA,ICMPv6 (other Than NDP and MLD)
7 64 400 xSTP, FRRP, LACP, 802.1x,ECFM,L2PT,TRILL, Open
flow
8 32 400 PVST, LLDP, GVRP, FCOE, FEFD, Trace flow
9 64 600 OSPF, ISIS, RIPv2, BGP
10 32 300 DHCP, VRRP
11 32 300 PIM, IGMP, MSDP, MLD
Catch-All Entry for IPv6 Packets
Dell EMC Networking OS currently supports configuration of IPv6 subnets greater than /64 mask length, but the agent writes it to the
default LPM table where the key length is 64 bits. The device supports table to store up to 256 subnets of maximum of /128 mask
lengths. This can be enabled and agent can be modified to update the /128 table for mask lengths greater than /64. This will restrict the
subnet sizes to required optimal level which would avoid these NDP attacks. The IPv6 stack already supports handling of >/64 subnets
and doesn’t require any additional work. The default catch-all entry is put in the LPM table for IPv4 and IPv6. If this is included for IPv6,
you can disable this capability by using the no ipv6 unknown-unicast command. Typically, the catch-all entry in LPM table is used
for soft forwarding and generating ICMP unreachable messages to the source. If this is in place then irrespective of whether it is </64
subnet or >/64 subnet, it doesn’t have any effect as there would always be LPM hit and traffic are sent to CPU.
Unknown unicast L3 packets are terminated to the CPU CoS queue which is also shared for other types of control-plane packets like ARP
Request, Multicast traffic, L3 packets with Broadcast MAC address. The catch-all route poses a risk of overloading the CPU with
unknown unicast packets. This CLI knob to turn off the catch-all route is of use in networks where the user does not want to generate
Destination Unreachable messages and have the CPU queue’s bandwidth available for higher priority control-plane traffic.
Configuring CoPP for OSPFv3
You can create an IPv6 ACL for control-plane traffic policing for OSPFv3, in addition to the CoPP support for VRRPv3, BGPv6, and
ICMPv6. You can use the ipv6 access-list name cpu-qos permit ospfv3 or the ipv6 access-list name cpu-qos
ospfv3 command to allow CoPP traffic for OSPFv3. The control plane management support for IPv6 ICMPv6 packets is enhanced to
enable more number of CPU queues on port to be available and other COPP improvements have been implemented.
To configure control-plane policing, perform the following:
228
Control Plane Policing (CoPP)