Use this command to configure a default port congestion notification domain defense mode for all ports on the device for each priority.
| priority | Specifies a CNPV to which the specified defense mode will be applied on this switch. |
| disabled | Specifies that the congestion notification capability is administratively disabled for this priority value. |
| edge | Specifies that the global default domain defense setting is edge for all ports. |
| interior | Specifies that the global default domain defense setting is interior for all ports. |
| interior-ready | Specifies that the global default domain defense setting is interior-ready for all ports. |
The default mode for domain defense depends upon the creation mode when the CNPV is created using set dcb cn priority. For creation enable, the default domain defense is edge. For creation disable, the default domain defense is disabled.
All command modes.
Note
CN is supported on the S-Series S140 and S180 modules. On non-supported S-Series modules, the Congestion Notification Domain Defense can be configured for either edge or disabled only. When edge configured, flows ingressing non-supported S-Series modules are remapped on ingress. Flows ingressing a supported S-Series module and egressing a non-supported S-Series module on the same chassis generate CNMs because congestion notification logic is performed on the ingress module.Congestion notification domain defense provides a means of defending a congestion notification domain against incoming frames from outside of the domain. Domain defense assumes:
Congestion notification defense protects the boundaries of a domain by preventing frames not in a congestion controlled flow from entering congestion point controlled queues. Domain defense takes advantage of the ability to change the priority value in the port-priority generation table based upon whether or not the port‘s neighbor is also configured with the same CNPV. If a frame with the same priority as the CNPV is not in the congestion controlled flow, the frame priority is changed to the configured alternate priority for that CNPV.
A default domain defense mode is configured at each congestion point port. There are four possible domain defense modes depending upon whether the CNPV is configured for the congestion point or where the congestion point port is located in the congestion notification domain:
Defaults for domain defense can be configured by priority or by port. This command configures a global defense mode per congestion notification priority value for all ports on the device. A default domain defense can be set on a port basis for all congestion notification priority values on that port using set dcb cn port-priority defense.
Domain defense can be administratively configured, dynamically configured using LLDP, or based upon default values on a per port basis. The method used is referred to as “choice”. The priority choice method on a global basis is configured using set dcb cn priority choice. The port-priority choice method on a port basis is configured using set dcb cn port-priority choice.
The domain defense default configured using this command is only used if the port-priority choice set using set dcb cn port-priority choice is default and the global choice set dcb cn priority choice is admin.
This example first sets the port-priority choice to default and the CNPV choice to admin, both required for the admin configured defense setting to be used, then the example sets the default domain defense mode to interior for CNPV 3 for all congestion point ports on this device:
System(rw)->set dcb cn port-priority *.*.* 3 choice default System(rw)->set dcb cn priority 3 choice admin System(rw)->set dcb cn priority 3 defense interior
Print
this page
Email this topic
Feedback
View PDF
Download EPUB