Date created: Thursday, April 28, 2022 7:52:53 AM. Last modified: Wednesday, June 1, 2022 11:01:43 AM

LPTS on IOS-XR

ARP Policing

LPTS provides two different kinds of policers; those that limited distributed destined to each LC CPU, and those limit traffic sent to the RP CPU. The line cards locally handle control-plane traffic such as ARP, ICMP, BFD etc. The RP handles management plane traffic such as SSH, HTTP, SNMP etc. LPTS is a distributed process, policer settings are enforced on each line card in the chassis.

The policers relating to line card processed traffic are configured per line card e.g., a single policer rate for ARP traffic can't be configured for all line cards from a single command. The ARP rate must be individually configured on each card, and can vary by line card. The policers on each line card that relate to RP destined traffic are configured under a single command and this applies to all line cards present in the chassis, and doesn’t allow for variation per line card.

RP traffic policers are configured under the "pifib" configuration stanza, under "lpts" in global config:

RP/0/RSP0/CPU0:ASR9904-XR7.1.3#show run lpts
lpts pifib hardware police
flow ssh known rate 8196
flow ssh default rate 8196
flow http known rate 8192

It makes sense then, that these RP-related policer values can be viewed with the "show lpts pifib" command, specifying the line card to read the value from (note that both line cards in this chassis have the same values):


RP/0/RSP0/CPU0:ASR9904-XR7.1.3#show lpts pifib hardware police location 0/0/CPU0 | inc "FlowType|Global"
FlowType Policer Type Cur. Rate Def. Rate Accepted Dropped TOS Value
SSH-known 27 Global 8196 300 0 0 01234567
SSH-default 28 Global 8196 200 21536 0 01234567
HTTP-known 29 Global 8192 400 0 0 01234567

RP/0/RSP0/CPU0:ASR9904-XR7.1.3#show lpts pifib hardware police location 0/1/CPU0 | inc "FlowType|Global"
FlowType Policer Type Cur. Rate Def. Rate Accepted Dropped TOS Value
SSH-known 27 Global 8196 300 0 0 01234567
SSH-default 28 Global 8196 200 33 0 01234567
HTTP-known 29 Global 8192 400 0 0 01234567

 

So far so good. When one wishes to configure the policer which rates to traffic destined/punted to the LC CPU, then the configuration is applied under the "punt" stanza of the "lpts" global config option, and this is configured per line card:

RP/0/RSP0/CPU0:ASR9904-XR7.1.3#conf t
RP/0/RSP0/CPU0:ASR9904-XR7.1.3(config)#lpts punt police location 0/0/CPU0 protocol arp rate 10000
RP/0/RSP0/CPU0:ASR9904-XR7.1.3(config)#commit

However, when one wishes to view this configuration there is no "show lpts punt" command, one must use the non-obvious "static-police" keyword, and that is under the "pifib" keyword which confusingly is the keyword for RP punted traffic. Below it can be see that each line card has a separate ARP policer rate now configured:

RP/0/RSP0/CPU0:ASR9904-XR7.1.3#show lpts pifib hardware static-police location 0/0/CPU0 | inc "Reason|PUNT_ARP"
Punt Reason SID Flow Rate Burst Rate Accepted Dropped Destination
PUNT_ARP ARP 10000 200 98 0 Local

RP/0/RSP0/CPU0:ASR9904-XR7.1.3#show lpts pifib hardware static-police location 0/1/CPU0 | inc "Reason|PUNT_ARP"
Punt Reason SID Flow Rate Burst Rate Accepted Dropped Destination
PUNT_ARP ARP 1000 200 49 0 Local