1) Dropping small packets after a sertain threshold: You can do this by creating a class-map matching a certain packet length which you presume is small. And using the clas in the policy map where you set the threshold. Now you can police them after a certain threshold or apply queuing with WRED.
The police value or queuing value may be based upon the baseline of such legitimate small packets. (But this doesnt mean you may not drop legitimate packets, but its taken care to a certain extent)
2) Legitimate or Illegitimate small packets traffic. Nothing much can be achieved using cli based methods. Except for using the above method for unknown source addresses. But if you anticipate there may be illgitimate packets form know destination as well then you may want to use DDOS solutions like Anomaly Detector or Anomaly Guard Modules. All this depends on how big this problem of small packets is.
Ur answers makes sense and if I combine both 1 & 2 I can deduct teh following.
I have 3 classes in my design: Voice , business and standard.
I could create a nested policy that in addition to reserving BW it should police based on small packets for which I will set a threshold.
I have not investigated if the small packets that killed my 7206VXR were TCP or UDP, for the latter WRED wont help. and in this case, I guess I have to simply protect other users and police a single customer uploading too many small packets.
I am aware that shaping is CPU taxing, how about policing ?
1. Introduction Internet security is important with the increasing
attacks that are happening every day. Many internet and browsing
security solutions exist, but some are not very easy to use or maybe the
question is how can I enable them? In this referen...
Cisco Software Manager Server API Guide This document describes the
programmatic interfaces, RESTful APIs, which are supported by Cisco
Software Manager Server (CSM Server). Overview CSM Server supports a set
of finite RESTful APIs. The first step to use ...
If you are using Cisco's new linux-based Cisco Software Manager server,
then you probably want to make sure there is a startup service for
it.I'll assume that you've already installed the CSM server on a
systemd-based linux system. The commands given belo...