Policing Small packets

Hi there

Is there any way to drop small packets when they exceed a certain threshold?

I know I can match on packet length, but then I risk dropping legitimate traffic.




Re: Policing Small packets

Hi Sam,

There are 2 aspects to your query.

1) Dropping small packets after a certain threshold: You can do this by creating a class-map matching a certain packet length which you presume is small, and using the class in the policy map where you set the threshold. Now you can police them after a certain threshold or apply queuing with WRED.

The police value or queuing value may be based upon the baseline of such legitimate small packets. (But this doesn't mean you may not drop legitimate packets, but it's taken care of to a certain extent.)

2) Legitimate or illegitimate small packet traffic: Nothing much can be achieved using CLI-based methods, except for using the above method for unknown source addresses. But if you anticipate there may be illegitimate packets from known destinations as well, then you may want to use DDoS solutions like the Anomaly Detector or Anomaly Guard Modules. All this depends on how big this problem of small packets is.
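
The class-map and policer approach from point 1 of the reply above, written out as an added Cisco IOS MQC example that is not part of the original thread. The 100-byte cutoff, the 1000 pps baseline, the class and policy names, and the interface are assumptions to be replaced with values from your own traffic baseline.

```cisco
! Added example, not from the thread. All names and numbers are assumptions.
!
! Sizing: the policer below is configured in bits per second, so a
! packet-rate baseline has to be converted first.
!   assumed baseline of legitimate small packets : 1000 pps
!   assumed small-packet cutoff                  : 100 bytes (Layer 3 length)
!   cir = 1000 pps * 100 bytes * 8               = 800000 bps
!   bc  = about 250 ms of traffic at cir         = 25000 bytes
!
class-map match-all SMALL-PKTS
 ! Matches packets whose IP length is at most 100 bytes
 match packet length max 100
!
policy-map POLICE-SMALL
 class SMALL-PKTS
  ! Small packets within the baseline pass, the excess is dropped.
  ! Packets above the cutoff fall into class-default and are untouched.
  police cir 800000 bc 25000 conform-action transmit exceed-action drop
!
interface GigabitEthernet0/1
 description customer-facing port (placeholder name)
 service-policy input POLICE-SMALL
```

The conformed and exceeded counters in `show policy-map interface GigabitEthernet0/1 input` show how much small-packet traffic the policer is dropping, which is the check for whether the chosen threshold is cutting into the legitimate baseline.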

Re: Policing Small packets

Thanks Swaroop

Your answers make sense, and if I combine both 1 & 2 I can deduce the following.

I have 3 classes in my design: Voice, business and standard.

I could create a nested policy that in addition to reserving BW it should police based on small packets for which I will set a threshold.

I have not investigated if the small packets that killed my 7206VXR were TCP or UDP; for the latter WRED won't help. And in this case, I guess I have to simply protect other users and police a single customer uploading too many small packets.

I am aware that shaping is CPU taxing. How about policing?

Best regards


Re: Policing Small packets

Hi Sam,

I believe that policing would be less taxing compared to shaping.



Re: Policing Small packets

Once again, thanks a million!

