Setting Flow Limits and Associated Actions

FST provides for the setting of two limits and an associated action per flow. The first limit sets a low-level flow threshold and an associated action. The second limit sets a high-level flow threshold and an associated action. Setting a limit to 0 disables that limit.

Note

The command to set the flowlimit action is additive in that it adds the specified action to the current list of actions for the specified port classification. To remove an action already in the actions list for the current context, use the clear command.

Associated actions when the flow limit is reached can be set to:

• Notify – This option sends out an SNMP trap notification when the associated threshold is exceeded. If the flowlimit threshold is exceeded, a single notification is sent out. The notification action is reset when the number of flows drops below the flowlimit threshold. In order for SNMP traps to be sent as a result of this option, the notify action must be both associated with one or more port classifications and globally enabled on the device.

  When globally enabling notification on the device, a notification interval option can be set. The specified interval sets the number of seconds to wait before generating another notification of the same type for the same interface. This allows notification generation to be throttled in the case of a flow counter or rate that is repeatedly transitioning across a threshold. A value of 0 indicates that the device should not suppress any notifications related to the flowlimiting.

• Drop – This action drops flow setup requests in excess of the configured limit and discards the associated packets. The use of this option could cause the device to repetitively process setup requests for the dropped flows. The process of dropping flow setup requests and their associated packets could cause end stations attached to this interface to behave in an indeterminate manner. The use of this option may also prevent the device from being able to count additional flows and from reaching any additional configured limits.
• Disable – This option operationally disables the interface. The interface operational status is set to the down state. The interface remains in the down state until the associated FST interface status is set to operational using the set flowlimit port command, the FST feature is disabled, or the device is reset. In order for a port to be disabled as a result of this option, the disable action must be associated with one or more port classifications and globally enabled on the device using the set flowlimit shutdown command.

Sending out an SNMP trap notification is often times used as the low-level limit action. Dropping excess flows or even disabling the port can be appropriate high-level limit actions.