Subnet Trap Rate Limiting

When the destination IP address of an ingress Layer 3-routed frame is not present in the forwarding routing table, the frame is trapped to the CPU (subnet trap frame) to generate an ICMP message. An ICMP destination host unreachable message is returned to the sender, informing the source host that the destination address is unreachable. If not rate-limited, the subnet trap frames can prevent other important control frames from reaching the CPU.

Rate limits vary among SLX devices because the devices have different hardware architectures.

SLX 9150 and SLX 9250 subnet trap rate limiting

By default, IPv4 and IPv6 subnet trap frames are diverted to a separate queue (queue number 9). You can use the CLI to further limit the rate of IPv6 subnet trap frames by configuring a Committed Information Rate (CIR) and a Committed Burst Size (CBS). Valid CIR values range from 22 Kbps through 1,200 Kbps.

For more information, see Committed Information Rate and Committed Burst Size.

SLX 9540 and SLX 9640 subnet trap rate limiting

By default, IPv4 and IPv6 subnet trap frames are rate-limited to 10,000 Kbps. You can use the CLI to further limit IPv4 and IPv6 subnet trap frames by configuring a CIR and a CBS. Valid CIR values range from 400 Kbps through 10,000 Kbps.

Subnet trap rate limiting commands

To configure the CIR and the CBS, use the ip subnet-rate-limit command with the cir and cbr options. For example:
device# configure terminal
device(config)# control-plane
device(config-control-plane)# ip subnet-rate-limit cir 134 cbr 34
Note

Note

Applying a subnet trap rate limit can increase the time it takes for conversational Neighbor Discovery to converge.

To display the configured CIR and CBS, use the show running-config control-plane ip subnet-rate-limit command.

To display the number of packets and bytes per second for IPv4 and IPv6 subnet traps, use the show ip subnet-rate-limit stats command.