Limiting the PPPoE access rate
The device can limit the rate at which a user (identified by an MAC address) can create PPPoE sessions on an interface. If the number of PPPoE requests within the monitoring time exceeds the configured threshold, the device discards the excessive requests, and outputs log messages. If the blocking time is set to 0, the device does not block any requests, and it only outputs log messages.
The device uses a monitoring table and a blocking table to control PPP access rates:
Monitoring table—Stores a maximum of 8000 monitoring entries. Each entry records the number of PPPoE sessions created by a user within the monitoring time. When the monitoring entries reach the maximum, the system stops monitoring and blocking session requests from new users. The aging time of monitoring entries is determined by the session-request-period argument. When the timer expires, the system starts a new round of monitoring for the user.
Blocking table—Stores a maximum of 8000 blocking entries. The system creates a blocking entry if the access rate of a user reaches the threshold, and blocks requests from that user. When the blocking entries reach the maximum number, the system stops blocking session requests from new users and it only outputs log messages. The aging time of the blocking entries is determined by the blocking-period argument. When the timer expires, the system starts a new round of monitoring for the user.
If the access rate setting is changed, the system removes all monitoring and blocking entries, and uses the new settings to limit PPPoE access rates.
To limit the PPPoE access rate:
Step | Command | Remarks |
|---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter Layer 3 Ethernet interface/subinterface, Layer 3 virtual Ethernet interface/subinterface, VLAN interface, Layer 3 aggregate interface/subinterface, VE-L3VPN interface/subinterface, or EFM interface/subinterface view. | interface interface-type interface-number | The PPPoE server is enabled on the interface. |
3. Set the PPPoE access limit. | pppoe-server throttle per-mac session-requests session-request-period blocking-period | By default, the PPPoE access rate is not limited. |
4. Display information about blocked users (centralized devices in standalone mode). | display pppoe-server throttled-mac [ interface interface-type interface-number ] | Available in any view. |
5. Display information about blocked users (distributed devices in standalone mode/centralized IRF devices in IRF mode). | display pppoe-server throttled-mac { slot slot-number | interface interface-type interface-number } | Available in any view. |
6. Display information about blocked users (distributed devices in IRF mode). | display pppoe-server throttled-mac { chassis chassis-number slot slot-number | interface interface-type interface-number } | Available in any view. |