Reset Search



how to establish baseline for DOS-PROTECT in EXOS switches

« Go Back


Titlehow to establish baseline for DOS-PROTECT in EXOS switches
To configure a threshold value for the DOS-PROTECT feature in EXOS. 
  • All EXOS.
  • Summit and BlackDiamond switches. 
There may not be a straight forward way to determine this. Following things should be considered before setting a value. 
  • CPU handles broadcast and unknown destination mac-addresses from the user traffic in the network. 
  • CPU should also be handling the protocol control packets like OSPF/VRRP/MPLS etc., So, the configuration of these protocols should also be considered.
  • Also, DOS-PROTECT applies to L3(IP) packets. 
Steps to determine the configurable value:
  • Clear the l2stats and collect the output in a second when there is a peak traffic.  
  • Calculate the packets hitting the CPU and IGMP control packets snooped for all the VLANs. 
  • Similarly, calculate for the "ipstats" output. 
  • This may be considered as an average traffic that should be allowed to be handled by the CPU. Set a higher value than this average which may be optimal for the network.

Once determined, execute the following command. 
configure dos-protect type l3-protect alert-threshold <number of packets>

Additional notes
Methodology can differ based on the networks and configuration. 



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255