config system np6
Configure NP6 attributes.
config system np6
Description: Configure NP6 attributes.
edit <name>
set fastpath [disable|enable]
set low-latency-mode [disable|enable]
set per-session-accounting [disable|traffic-log-only|...]
set garbage-session-collector [disable|enable]
set session-collector-interval {integer}
set session-timeout-interval {integer}
set session-timeout-random-range {integer}
set session-timeout-fixed [disable|enable]
config hpe
Description: HPE configuration.
set tcpsyn-max {integer}
set tcp-max {integer}
set udp-max {integer}
set icmp-max {integer}
set sctp-max {integer}
set esp-max {integer}
set ip-frag-max {integer}
set ip-others-max {integer}
set arp-max {integer}
set l2-others-max {integer}
set pri-type-max {integer}
set enable-shaper [disable|enable]
end
config fp-anomaly
Description: NP6 IPv4 anomaly protection. trap-to-host forwards anomaly sessions to the CPU.
set tcp-syn-fin [allow|drop|...]
set tcp-fin-noack [allow|drop|...]
set tcp-fin-only [allow|drop|...]
set tcp-no-flag [allow|drop|...]
set tcp-syn-data [allow|drop|...]
set tcp-winnuke [allow|drop|...]
set tcp-land [allow|drop|...]
set udp-land [allow|drop|...]
set icmp-land [allow|drop|...]
set icmp-frag [allow|drop|...]
set ipv4-land [allow|drop|...]
set ipv4-proto-err [allow|drop|...]
set ipv4-unknopt [allow|drop|...]
set ipv4-optrr [allow|drop|...]
set ipv4-optssrr [allow|drop|...]
set ipv4-optlsrr [allow|drop|...]
set ipv4-optstream [allow|drop|...]
set ipv4-optsecurity [allow|drop|...]
set ipv4-opttimestamp [allow|drop|...]
set ipv4-csum-err [drop|trap-to-host]
set tcp-csum-err [drop|trap-to-host]
set udp-csum-err [drop|trap-to-host]
set icmp-csum-err [drop|trap-to-host]
set ipv6-land [allow|drop|...]
set ipv6-proto-err [allow|drop|...]
set ipv6-unknopt [allow|drop|...]
set ipv6-saddr-err [allow|drop|...]
set ipv6-daddr-err [allow|drop|...]
set ipv6-optralert [allow|drop|...]
set ipv6-optjumbo [allow|drop|...]
set ipv6-opttunnel [allow|drop|...]
set ipv6-opthomeaddr [allow|drop|...]
set ipv6-optnsap [allow|drop|...]
set ipv6-optendpid [allow|drop|...]
set ipv6-optinvld [allow|drop|...]
end
next
end
config system np6
Parameter |
Description |
Type |
Size |
Default |
||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
fastpath |
Enable/disable NP4 or NP6 offloading (also called fast path). |
option |
- |
enable |
||||||||
|
|
|||||||||||
low-latency-mode |
Enable/disable low latency mode. |
option |
- |
disable |
||||||||
|
|
|||||||||||
per-session-accounting |
Enable/disable per-session accounting. |
option |
- |
traffic-log-only |
||||||||
|
|
|||||||||||
garbage-session-collector |
Enable/disable garbage session collector. |
option |
- |
disable |
||||||||
|
|
|||||||||||
session-collector-interval |
Set garbage session collection cleanup interval (1 - 100 sec, default 64). |
integer |
Minimum value: 1 Maximum value: 100 |
64 |
||||||||
session-timeout-interval |
Set the fixed timeout for refreshing NP6 sessions (0 - 1000 sec, default 40 sec). |
integer |
Minimum value: 0 Maximum value: 1000 |
40 |
||||||||
session-timeout-random-range |
Set the random timeout range for refreshing NP6 sessions (0 - 1000 sec, default 8 sec). |
integer |
Minimum value: 0 Maximum value: 1000 |
8 |
||||||||
session-timeout-fixed |
{disable | enable} Toggle between using fixed or random timeouts for refreshing NP6 sessions. |
option |
- |
disable |
||||||||
|
|
config hpe
Parameter |
Description |
Type |
Size |
Default |
||||||
---|---|---|---|---|---|---|---|---|---|---|
tcpsyn-max |
Maximum TCP SYN packet rate (10K - 4G pps, default = 5M pps). |
integer |
Minimum value: 10000 Maximum value: 4000000000 |
0 |
||||||
tcp-max |
Maximum TCP packet rate (10K - 4G pps, default = 5M pps). |
integer |
Minimum value: 10000 Maximum value: 4000000000 |
0 |
||||||
udp-max |
Maximum UDP packet rate (10K - 4G pps, default = 5M pps). |
integer |
Minimum value: 10000 Maximum value: 4000000000 |
0 |
||||||
icmp-max |
Maximum ICMP packet rate (10K - 4G pps, default = 1M pps). |
integer |
Minimum value: 10000 Maximum value: 4000000000 |
0 |
||||||
sctp-max |
Maximum SCTP packet rate (10K - 4G pps, default = 1M pps). |
integer |
Minimum value: 10000 Maximum value: 4000000000 |
0 |
||||||
esp-max |
Maximum ESP packet rate (10K - 4G pps, default = 1M pps). |
integer |
Minimum value: 10000 Maximum value: 4000000000 |
0 |
||||||
ip-frag-max |
Maximum fragmented IP packet rate (10K - 4G pps, default = 1M pps). |
integer |
Minimum value: 10000 Maximum value: 4000000000 |
0 |
||||||
ip-others-max |
Maximum IP packet rate for other packets (packet types that cannot be set with other options) (10G - 4G pps, default = 1M pps). |
integer |
Minimum value: 10000 Maximum value: 4000000000 |
0 |
||||||
arp-max |
Maximum ARP packet rate (10K - 4G pps, default = 1M pps). |
integer |
Minimum value: 10000 Maximum value: 4000000000 |
1 |
||||||
l2-others-max |
Maximum L2 packet rate for L2 packets that are not ARP packets (10K - 4G pps, default = 1M pps). |
integer |
Minimum value: 10000 Maximum value: 4000000000 |
0 |
||||||
pri-type-max |
Maximum overflow rate of priority type traffic (10K - 4G pps, default = 1M pps). Includes L2: HA, 802.3ad LACP, heartbeats. L3: OSPF. L4_TCP: BGP. L4_UDP: IKE, SLBC, BFD. |
integer |
Minimum value: 10000 Maximum value: 4000000000 |
1 |
||||||
enable-shaper |
Enable/Disable NPU host protection engine (HPE) shaper. |
option |
- |
disable |
||||||
|
|
config fp-anomaly
Parameter |
Description |
Type |
Size |
Default |
||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
tcp-syn-fin |
TCP SYN flood SYN/FIN flag set anomalies. |
option |
- |
allow |
||||||||
|
|
|||||||||||
tcp-fin-noack |
TCP SYN flood with FIN flag set without ACK setting anomalies. |
option |
- |
drop |
||||||||
|
|
|||||||||||
tcp-fin-only |
TCP SYN flood with only FIN flag set anomalies. |
option |
- |
allow |
||||||||
|
|
|||||||||||
tcp-no-flag |
TCP SYN flood with no flag set anomalies. |
option |
- |
|
||||||||
|
|
|||||||||||
tcp-syn-data |
TCP SYN flood packets with data anomalies. |
option |
- |
|
||||||||
|
|
|||||||||||
tcp-winnuke |
TCP WinNuke anomalies. |
option |
- |
|
||||||||
|
|
|||||||||||
tcp-land |
TCP land anomalies. |
option |
- |
allow |
||||||||
|
|
|||||||||||
udp-land |
UDP land anomalies. |
option |
- |
allow |
||||||||
|
|
|||||||||||
icmp-land |
ICMP land anomalies. |
option |
- |
allow |
||||||||
|
|
|||||||||||
icmp-frag |
Layer 3 fragmented packets that could be part of layer 4 ICMP anomalies. |
option |
- |
allow |
||||||||
|
|
|||||||||||
ipv4-land |
Land anomalies. |
option |
- |
allow |
||||||||
|
|
|||||||||||
ipv4-proto-err |
Invalid layer 4 protocol anomalies. |
option |
- |
allow |
||||||||
|
|
|||||||||||
ipv4-unknopt |
Unknown option anomalies. |
option |
- |
allow |
||||||||
|
|
|||||||||||
ipv4-optrr |
Record route option anomalies. |
option |
- |
allow |
||||||||
|
|
|||||||||||
ipv4-optssrr |
Strict source record route option anomalies. |
option |
- |
allow |
||||||||
|
|
|||||||||||
ipv4-optlsrr |
Loose source record route option anomalies. |
option |
- |
allow |
||||||||
|
|
|||||||||||
ipv4-optstream |
Stream option anomalies. |
option |
- |
allow |
||||||||
|
|
|||||||||||
ipv4-optsecurity |
Security option anomalies. |
option |
- |
allow |
||||||||
|
|
|||||||||||
ipv4-opttimestamp |
Timestamp option anomalies. |
option |
- |
drop |
||||||||
|
|
|||||||||||
ipv4-csum-err |
Invalid IPv4 IP checksum anomalies. |
option |
- |
|
||||||||
|
|
|||||||||||
tcp-csum-err |
Invalid IPv4 TCP checksum anomalies. |
option |
- |
|
||||||||
|
|
|||||||||||
udp-csum-err |
Invalid IPv4 UDP checksum anomalies. |
option |
- |
|
||||||||
|
|
|||||||||||
icmp-csum-err |
Invalid IPv4 ICMP checksum anomalies. |
option |
- |
|
||||||||
|
|
|||||||||||
ipv6-land |
Land anomalies. |
option |
- |
allow |
||||||||
|
|
|||||||||||
ipv6-proto-err |
Layer 4 invalid protocol anomalies. |
option |
- |
allow |
||||||||
|
|
|||||||||||
ipv6-unknopt |
Unknown option anomalies. |
option |
- |
allow |
||||||||
|
|
|||||||||||
ipv6-saddr-err |
Source address as multicast anomalies. |
option |
- |
allow |
||||||||
|
|
|||||||||||
ipv6-daddr-err |
Destination address as unspecified or loopback address anomalies. |
option |
- |
allow |
||||||||
|
|
|||||||||||
ipv6-optralert |
Router alert option anomalies. |
option |
- |
allow |
||||||||
|
|
|||||||||||
ipv6-optjumbo |
Jumbo options anomalies. |
option |
- |
allow |
||||||||
|
|
|||||||||||
ipv6-opttunnel |
Tunnel encapsulation limit option anomalies. |
option |
- |
allow |
||||||||
|
|
|||||||||||
ipv6-opthomeaddr |
Home address option anomalies. |
option |
- |
allow |
||||||||
|
|
|||||||||||
ipv6-optnsap |
Network service access point address option anomalies. |
option |
- |
allow |
||||||||
|
|
|||||||||||
ipv6-optendpid |
End point identification anomalies. |
option |
- |
allow |
||||||||
|
|
|||||||||||
ipv6-optinvld |
Invalid option anomalies.Invalid option anomalies. |
option |
- |
allow |
||||||||
|
|