[copp]: Enable rate limiting for bgp, lacp, dhcp, lldp, macsec and udld (#14859)

Why I did it
It was observed that a flood of DHCP packets without rate-limiting can cause BGP flaps or lacp keepalive losses.
This change attempts to prevent or reduce such BGP flaps by enabling appropriate rate-limiting in SONiC for all traffic types.

Work item tracking
Microsoft ADO 17964421:

How I did it
Set a reasonable CIR/CBS value of 300 for queue4_group3 (dhcp, lldp, macsec) and 6000 for queue4_group1.
The value 300 was arrived at after testing with dhcp flooding using ptf (using multiple threads). Throttling at this rate was necessary to ensure that dhcp flooding does not cause BGP flaps.

How to verify it
Verified with this script running from ptf, that BGP flaps don't happen when CBS/CIR is set at 300 for queue4_group3.

 import threading
 from scapy.all import DHCP, IP, UDP, Ether, RandMAC, sendp
 
 def send_dhcp_discover(intf):
     # Broadcast DHCP Discover (client port 68 -> server port 67), random source MAC
     dhcp_discover = Ether(dst='ff:ff:ff:ff:ff:ff', src=RandMAC()) \
                         / IP(src='1.1.1.1', dst='255.255.255.255') \
                         / UDP(sport=68, dport=67) \
                         / DHCP(options=[('message-type', 'discover'), 'end'])
     # Send 100000 copies out of the given PTF interface
     sendp(dhcp_discover, count=100000, iface=intf)
 
 
 if __name__ == "__main__":
     # One sender thread per PTF port so both ports transmit at the same time
     t1 = threading.Thread(target=send_dhcp_discover, args=("eth1",))
     t2 = threading.Thread(target=send_dhcp_discover, args=("eth2",))
     t1.start()
     t2.start()
     t1.join()
     t2.join()

Verified on Arista-7260CX3-D108C8 running 202012 that the copp rules for queue4_group1 and queue4_group3 do NOT affect BGP packets. To verify this using PTF, the copp rules were modified to set the "CBS" and "CIR" for queue4_group1 and queue4_group3 at 600pps and 50k packets each of "BGP open" and "DHCP Discover" were simultaneously sent from the same PTF port to the DUT. It was verified using "show c cpu" that packets are hitting the cpu queue at 1200 pps (double the configured CIR/CBS for these packet types). This helped conclude that the throttling rate is per trap (or packet type) and not per queue.

Verified with updated sonic-mgmt tests ([tests/copp]: Update copp mgmt tests to support new rate-limits sonic-mgmt#8199) on broadcom and mellanox platforms that these traffic types are rate-limited.

Signed-off-by: Prabhat Aravind <paravind@microsoft.com>
prabhataravind authored Oct 25, 2023
1 parent 10bdc0f commit 7e49530
Showing 1 changed file with 13 additions and 3 deletions.
16 changes: 13 additions & 3 deletions files/image_config/copp/copp_cfg.j2
Expand Up @@ -11,7 +11,12 @@
"queue4_group1": {
"trap_action":"trap",
"trap_priority":"4",
"queue": "4"
"queue": "4",
"meter_type":"packets",
"mode":"sr_tcm",
"cir":"6000",
"cbs":"6000",
"red_action":"drop"
},
"queue4_group2": {
"trap_action":"copy",
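Review bot: The new meter on queue4_group1 uses "cir":"6000" and "cbs":"6000", but the commit message only explains how 300 was arrived at for queue4_group3; nothing records where 6000 comes from or what it was measured against. Please add that rationale to the description or as a Jinja comment next to the group. Because the testing described in the message found the limit applies per trap and not per queue, it is also worth stating here that every trap bound to this group can deliver up to 6000 pps to CPU queue 4, so the queue's aggregate rate can be a multiple of the configured value.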
Expand All @@ -26,7 +31,12 @@
"queue4_group3": {
"trap_action":"trap",
"trap_priority":"4",
"queue": "4"
"queue": "4",
"meter_type":"packets",
"mode":"sr_tcm",
"cir":"300",
"cbs":"300",
"red_action":"drop"
},
"queue1_group1": {
"trap_action":"trap",
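Review bot: In queue4_group3, "cir":"300" with "red_action":"drop" is a single hard-coded value for every platform, while the message reports the flood test on one Arista-7260CX3-D108C8 and the sonic-mgmt tests on broadcom and mellanox. The meter cannot tell flood traffic from legitimate packets, so genuine traffic on a trap in this group is dropped as soon as that trap exceeds 300 pps. Suggest documenting that trade-off and the unit (packets per second per trap, given "meter_type":"packets") beside the value, so operators know what to expect when control-plane packets in this group go missing under load.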
Expand Down Expand Up @@ -97,7 +107,7 @@
},
"macsec": {
"trap_ids": "eapol",
"trap_group": "queue4_group3"
"trap_group": "queue4_group1"
},
"nat": {
"trap_ids": "src_nat_miss,dest_nat_miss",
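Review bot: The macsec entry moves its "trap_group" from queue4_group3 to queue4_group1, which contradicts the commit message: "How I did it" lists macsec under queue4_group3 at 300, yet after this hunk eapol is metered at the 6000 configured for queue4_group1. Please either update the description to say eapol is deliberately placed in the higher-rate group and why, or keep it in queue4_group3 as described. The verification section also mentions only DHCP and BGP traffic, so a note on how the eapol limit was checked would help.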