tmnxCpmProtEthCfmPolTable
TIMETRA-SECURITY-MIB ·
.1.3.6.1.4.1.6527.3.1.2.22.9.31
Object
table
tmnxCpmProtEthCfmPolTable contains configurable rules (similar to an
Access Control List) used to rate limit the flow of Ethernet
Connectivity Fault Management packets. The table can be used to
minimize the impact of an Eth-CFM Denial of Service attack.
The table extends tmnxCpmProtPolTable, by allowing several
<rate-limit, eth-cfm-level, eth-cfm-opcode> triples to be defined for
a CPM protection policy.
For example, tmnxCpmProtEthCfmPolTable could contain the following
information (where the column labels for the table's index objects are
in upper case):
POLICY ID ENTRY NUM Level Opcode Rate Limit
--------- --------- ----- ------ ----------
250 10 {4} {10} 100 packets/sec
250 20 {4,6} {1,3} 200 packets/sec
250 30 {0-7} {0-255} 300 packets/sec
{0-7} indicates {0, 1, 2, 3, 4, 5, 6, 7}.
Suppose the example configuration above is in place, and an Eth-CFM
PDU arrives on a SAP which has Policy ID 250 configured against it.
If the PDU contains level=4 and opcode=1, the 200 packets/sec rate
limit is applied. Within a Policy ID, the first row (i.e.
the row with the lowest entry number) matching the PDU applies.
Therefore, the third row in the example applies a 300 packets/sec
limit to any PDU which does not match the first or second row.
At most four Policy IDs can have rows in this table. At most 10 rows
are supported per Policy ID.
If the user chooses well-spaced tmnxCpmProtEthCfmPolEntryNum values
(e.g. 10, 20, 30) when initially creating the rows for a particular
tmnxCpmProtPolicyId, it will be possible to add rows in the gaps
later, without reconfiguration.
A prerequisite for creating a row in this table: a row with the same
tmnxCpmProtPolicyId must exist in tmnxCpmProtPolTable. Deleting a row
in tmnxCpmProtPolTable deletes all the rows in this table with
matching tmnxCpmProtPolicyId values.
Context
- MIB
- TIMETRA-SECURITY-MIB
- OID
.1.3.6.1.4.1.6527.3.1.2.22.9.31- Type
- table
- Status
- current
- Parent
- tmnxCpmSecurityObjs
- Siblings
- 61
- Children
- 1
Syntax
No syntax metadata recorded.
Values & Constraints
No enumerated values or constraints recorded.
Related Objects
Sibling Objects
| Object | Type | Syntax | OID |
|---|---|---|---|
| tmnxCpmPerPeerQueuing When tmnxCpmPerPeerQueuing is set to 'true', CPM hardware queuing
per peer is enabled. This means that when a peering session is
established, the router will automatically allocat… | scalar | SNMPv2-TCTruthValue | .1.3.6.1.4.1.6527.3.1.2.22.9.1 |
| tCpmIPv6FilterStatsTable The tCpmIPv6FilterStatsTable has a stats entry for each entry in each
CPM filter configured on this system.
This table is not supported on SR-1 and ESS-1, where the val… | table | - | .1.3.6.1.4.1.6527.3.1.2.22.9.10 |
| tmnxCpmProtPolTableLastChanged The value of tmnxCpmProtPolTableLastChanged indicates the sysUpTime at
the time of the last modification of an entry in the
tmnxCpmProtPolTable.
If no changes were made… | scalar | SNMPv2-TCTimeStamp | .1.3.6.1.4.1.6527.3.1.2.22.9.11 |
| tmnxCpmProtPolTable The tmnxCpmProtPolTable has an entry for each CPM Protection policy
configured in the system. There are two default policies.
CPM Protection policy (254) is the default… | table | - | .1.3.6.1.4.1.6527.3.1.2.22.9.12 |
| tmnxCpmProtDropUncfgdProtocolMsg The value of tmnxCpmProtDropUncfgdProtocolMsg specifies the
administrative state of the protocol protection facility.
When the value of this object is set to 'inService… | scalar | TIMETRA-TC-MIBTmnxAdminState | .1.3.6.1.4.1.6527.3.1.2.22.9.13 |
| tmnxCpmProtLinkRateLimit The value of tmnxCpmProtLinkRateLimit specifies the link-specific
packet arrival rate limit to be applied to link-level protocols such
as LACP.
This object is not suppo… | scalar | packets per second TmnxCpmPacketRateLimit | .1.3.6.1.4.1.6527.3.1.2.22.9.14 |
| tmnxCpmProtExcdTableLastChanged The value of tmnxCpmProtExcdTableLastChanged indicates the sysUpTime
at the time of the last add, change, or delete of a row in the
tmnxCpmProtExcdTable.
If no changes … | scalar | SNMPv2-TCTimeStamp | .1.3.6.1.4.1.6527.3.1.2.22.9.15 |
| tmnxCpmProtExcdTable tmnxCpmProtExcdTable has a row for each <service ID, SAP, source MAC
address> triple that has exceeded the per-source rate limit configured
for the <service ID, SAP> pair. MAC-la… | table | - | .1.3.6.1.4.1.6527.3.1.2.22.9.16 |
| tmnxCpmProtViolPortTableLastChgd The value of tmnxCpmProtViolPortTableLastChgd indicates the sysUpTime
at the time of the last modification of an entry in the
tmnxCpmProtViolPortTable.
If no changes we… | scalar | SNMPv2-TCTimeStamp | .1.3.6.1.4.1.6527.3.1.2.22.9.17 |
| tmnxCpmProtViolPortTable The tmnxCpmProtViolPortTable has an entry for each port where either
the link-specific packet arrival rate limit or the per-port overall
packet rate limit was violated.
… | table | - | .1.3.6.1.4.1.6527.3.1.2.22.9.18 |
| tmnxCpmProtViolIfTableLastChgd The value of tmnxCpmProtViolIfTableLastChgd indicates the sysUpTime at
the time of the last modification of an entry in the
tmnxCpmProtViolIfTable.
If no changes were m… | scalar | SNMPv2-TCTimeStamp | .1.3.6.1.4.1.6527.3.1.2.22.9.19 |
| tmnxCpmQueuesTotal The value of tmnxCpmQueuesTotal indicates the total number of CPM
hardware queues.
This object is not supported on SR-1 and ESS-1, where the value of
TIMETRA-CHASSIS-MI… | scalar | SNMPv2-SMIGauge32 | .1.3.6.1.4.1.6527.3.1.2.22.9.2 |
| tmnxCpmProtViolIfTable The tmnxCpmProtViolIfTable has an entry for each router interface
where the overall packet arrival rate limit was violated.
This object is not supported on SR-1 and ESS… | table | - | .1.3.6.1.4.1.6527.3.1.2.22.9.20 |
| tmnxCpmProtViolSapTableLastChgd The value of tmnxCpmProtViolSapTableLastChgd indicates the sysUpTime
at the time of the last modification of an entry in the
tmnxCpmProtViolSapTable.
If no changes were… | scalar | SNMPv2-TCTimeStamp | .1.3.6.1.4.1.6527.3.1.2.22.9.21 |
| tmnxCpmProtViolSapTable The tmnxCpmProtViolSapTable has an entry for each SAP where the
overall packet arrival rate limit was violated.
This object is not supported on SR-1 and ESS-1, where th… | table | - | .1.3.6.1.4.1.6527.3.1.2.22.9.22 |
| tmnxCpmProtPortOverallRateLimit The value of tmnxCpmProtPortOverallRateLimit specifies the per-port
packet arrival rate limit to be applied to all protocol messages that
are to be processed by the CPM.
… | scalar | packets per second TmnxCpmPacketRateLimit | .1.3.6.1.4.1.6527.3.1.2.22.9.23 |
| tmnxCpmProtDetectPeriod The value of tmnxCpmProtDetectPeriod indicates the length of a packet
arrival rate limit detection period.
This object is not supported on SR-1 and ESS-1, where the val… | scalar | 100 milliseconds SNMPv2-SMIUnsigned32 | .1.3.6.1.4.1.6527.3.1.2.22.9.24 |
| tCpmMacFilterTable The tCpmMacFilterTable has an entry for each CPM Mac filter entry
configured on this system.
This table is not supported on SR-1 and ESS-1, where the value of
TIMETRA-C… | table | - | .1.3.6.1.4.1.6527.3.1.2.22.9.25 |
| tCpmMacFilterStatsTable The tCpmMacFilterStatsTable has a stats entry of the CPM Mac filter
configured on this system.
This table is not supported on SR-1 and ESS-1, where the value of
TIMETRA… | table | - | .1.3.6.1.4.1.6527.3.1.2.22.9.26 |
| tmnxCpmProtAllowShamLinkPackets The value of tmnxCpmProtAllowShamLinkPackets specifies whether OSPF
sham-link traffic will be allowed over VPRN transport tunnels.
When the value of this object is set … | scalar | SNMPv2-TCTruthValue | .1.3.6.1.4.1.6527.3.1.2.22.9.27 |
| tmnxCpmProtViolVdoSvcTable The tmnxCpmProtViolVdoSvcTable has an entry for each client address of
a RTCP control traffic in VPLS service where the per-source rate limit
was violated. | table | - | .1.3.6.1.4.1.6527.3.1.2.22.9.28 |
| tmnxCpmProtViolVdoVrtrTable The tmnxCpmProtViolVdoVrtrTable has an entry for each client address
of a RTCP control traffic in router context where the per-source rate
limit was violated. | table | - | .1.3.6.1.4.1.6527.3.1.2.22.9.29 |
| tmnxCpmQueuesInUse The value of tmnxCpmQueuesInUse indicates the number of CPM hardware
queues that are in use.
This object is not supported on SR-1 and ESS-1, where the value of
TIMETRA-… | scalar | SNMPv2-SMIGauge32 | .1.3.6.1.4.1.6527.3.1.2.22.9.3 |
| tmnxCpmProtEthCfmPolTableLastChg The value of tmnxCpmProtEthCfmPolTableLastChg indicates the value of
the sysUpTime object when the last change was made to
tmnxCpmProtEthCfmPolTable. A value of 0 indicates that n… | scalar | SNMPv2-TCTimeStamp | .1.3.6.1.4.1.6527.3.1.2.22.9.30 |
| tmnxCpmProtViolSdpBindTblLastChg The value of tmnxCpmProtViolSdpBindTblLastChg indicates the sysUpTime
at the time of the last modification of an entry in the
tmnxCpmProtViolSdpBindTable.
If no changes… | scalar | SNMPv2-TCTimeStamp | .1.3.6.1.4.1.6527.3.1.2.22.9.32 |
| tmnxCpmProtViolSdpBindTable tmnxCpmProtViolSdpBindTable has a row for each SDP binding, where the
overall packet arrival rate limit was violated. | table | - | .1.3.6.1.4.1.6527.3.1.2.22.9.33 |
| tmnxCpmProtExcdSdpBindTblLastChg The value of tmnxCpmProtExcdSdpBindTblLastChg indicates the sysUpTime
at the time of the last modification of an entry in the
tmnxCpmProtExcdSdpBindTable.
If no changes… | scalar | SNMPv2-TCTimeStamp | .1.3.6.1.4.1.6527.3.1.2.22.9.34 |
| tmnxCpmProtExcdSdpBindTable tmnxCpmProtExcdSdpBindTable has a row for each SDP binding and source
MAC address pair that has exceeded its per-source rate limit. The
equivalent table for SAPs is tmnxCpmProtExc… | table | - | .1.3.6.1.4.1.6527.3.1.2.22.9.35 |
| tmnxCpmProtExcdSdpBindEcmTblLChg The value of tmnxCpmProtExcdSdpBindEcmTblLChg indicates the sysUpTime
at the time of the last modification of an entry in the
tmnxCpmProtExcdSdpBindEcmTable.
If no chan… | scalar | SNMPv2-TCTimeStamp | .1.3.6.1.4.1.6527.3.1.2.22.9.36 |
| tmnxCpmProtExcdSdpBindEcmTable tmnxCpmProtExcdSdpBindEcmTable has a row for each Ethernet
Connectivity Fault Management (Eth-CFM) PDU stream, served by an SDP
binding, that has exceeded its Eth-CFM rate limit. | table | - | .1.3.6.1.4.1.6527.3.1.2.22.9.37 |
| tmnxCpmProtExcdSapEcmTblLChg The value of tmnxCpmProtExcdSapEcmTblLChg indicates the sysUpTime at
the time of the last modification of an entry in the
tmnxCpmProtExcdSapEcmTable.
If no changes were… | scalar | SNMPv2-TCTimeStamp | .1.3.6.1.4.1.6527.3.1.2.22.9.38 |
| tmnxCpmProtExcdSapEcmTable tmnxCpmProtExcdSapEcmTable has a row for each Ethernet Connectivity
Fault Management (Eth-CFM) PDU stream, served by a SAP, that has
exceeded its Eth-CFM rate limit. | table | - | .1.3.6.1.4.1.6527.3.1.2.22.9.39 |
| tCpmFilterQueueTable The tCpmFilterQueueTable has an entry for each CPM filter queue
configured on this system.
This table is not supported on SR-1 and ESS-1, where the value of
TIMETRA-CHA… | table | - | .1.3.6.1.4.1.6527.3.1.2.22.9.4 |
| tmnxCpmVprnNwExceptions The value of tmnxCpmVprnNwExceptions specifies whether the MPLS
exception messages are allowed to be received on all VPRN instances.
When the value of tmnxCpmVprnNwExce… | scalar | SNMPv2-TCTruthValue | .1.3.6.1.4.1.6527.3.1.2.22.9.40 |
| tmnxCpmNumVprnNwExceptions The value of tmnxCpmNumVprnNwExceptions specifies the number of MPLS
exception messages allowed to be received in the time frame specified
by tmnxCpmVprnNwExceptionsTime. | scalar | Unsigned32 | .1.3.6.1.4.1.6527.3.1.2.22.9.41 |
| tmnxCpmVprnNwExceptionsTime The value of tmnxCpmVprnNwExceptionsTime specifies the time frame in
seconds that is used to limit the number of MPLS exception messages
issued per time frame. | scalar | seconds Unsigned32 | .1.3.6.1.4.1.6527.3.1.2.22.9.42 |
| tmnxCpmProtExcdSapIpTableLastChg The value of tmnxCpmProtExcdSapIpTableLastChg indicates the sysUpTime
at the time of the last add, change, or delete of a row in the
tmnxCpmProtExcdSapIpTable.
If no ch… | scalar | SNMPv2-TCTimeStamp | .1.3.6.1.4.1.6527.3.1.2.22.9.43 |
| tmnxCpmProtExcdSapIpTable tmnxCpmProtExcdSapIpTable has a row for each <service ID, SAP, source
IP address> triple that has exceeded the per-source rate limit
configured for the <service ID, SAP> pair. IP… | table | - | .1.3.6.1.4.1.6527.3.1.2.22.9.44 |
| tmnxDCpuProtPolicyTblLstChg The value of tmnxDCpuProtPolicyTblLstChg indicates the timestamp of
the last change to the tmnxDCpuProtPolicyTable. A value of 0 indicates
that no changes were made to this table … | scalar | SNMPv2-TCTimeStamp | .1.3.6.1.4.1.6527.3.1.2.22.9.45 |
| tmnxDCpuProtPolicyTable The tmnxDCpuProtPolicyTable has an entry for each Distributed CPU
Protection Policy configured in the system. | table | - | .1.3.6.1.4.1.6527.3.1.2.22.9.46 |
| tmnxDCpuProtStaticPlcrTblLstChg The value of tmnxDCpuProtStaticPlcrTblLstChg indicates the timestamp
of the last change to the tmnxDCpuProtStaticPlcrTable. A value of 0
indicates that no changes were made to thi… | scalar | SNMPv2-TCTimeStamp | .1.3.6.1.4.1.6527.3.1.2.22.9.47 |
| tmnxDCpuProtStaticPlcrTable The tmnxDCpuProtStaticPlcrTable has an entry for static-policer
configured for each Distributed CPU Protection Policy identified by
tmnxDCpuProtPolicyName. | table | - | .1.3.6.1.4.1.6527.3.1.2.22.9.48 |
| tmnxDCpuProtLocMonPlcrTblLstChg The value of tmnxDCpuProtLocMonPlcrTblLstChg indicates the timestamp
of the last change to the tmnxDCpuProtLocMonPlcrTable. A value of 0
indicates that no changes were made to thi… | scalar | SNMPv2-TCTimeStamp | .1.3.6.1.4.1.6527.3.1.2.22.9.49 |
| tmnxCpmHwFilterObjs | node | - | .1.3.6.1.4.1.6527.3.1.2.22.9.5 |
| tmnxDCpuProtLocMonPlcrTable The tmnxDCpuProtLocMonPlcrTable has an entry for each Distributed CPU
Protection Policy configured in the system. | table | - | .1.3.6.1.4.1.6527.3.1.2.22.9.50 |
| tmnxDCpuProtProtocolTblLstChg The value of tmnxDCpuProtProtocolTblLstChg indicates the timestamp of
the last change to the tmnxDCpuProtProtocolTable. A value of 0
indicates that no changes were made to this ta… | scalar | SNMPv2-TCTimeStamp | .1.3.6.1.4.1.6527.3.1.2.22.9.51 |
| tmnxDCpuProtProtocolTable The tmnxDCpuProtProtocolTable has an entry for each Distributed CPU
Protection Policy configured in the system. | table | - | .1.3.6.1.4.1.6527.3.1.2.22.9.52 |
| tmnxCpmProtBlockPIMTunneled The value of tmnxCpmProtBlockPIMTunneled specifies whether to block
extraction and processing of arriving PIM packets inside a tunnel on a
network interface.
When the v… | scalar | SNMPv2-TCTruthValue | .1.3.6.1.4.1.6527.3.1.2.22.9.53 |
| tmnxCpmProtPortRateActionLowPrio The value of tmnxCpmProtPortRateActionLowPrio specifies whether to
mark packets as low-priority when port-overall-rate-limit specified by
tmnxCpmProtPortOverallRateLimit is exceed… | scalar | SNMPv2-TCTruthValue | .1.3.6.1.4.1.6527.3.1.2.22.9.54 |
| tmnxCpmProtIPSrcMonDhcp The value of tmnxCpmProtIPSrcMonDhcp specifies whether DHCP protocol
should be included for monitoring of source IP.
This object is not supported on SR-1 and ESS-1, whe… | scalar | SNMPv2-TCTruthValue | .1.3.6.1.4.1.6527.3.1.2.22.9.55 |
| tmnxCpmProtIPSrcMonGtp The value of tmnxCpmProtIPSrcMonGtp specifies whether GTP protocol
should be included for monitoring of source IP.
This object is not supported on SR-1 and ESS-1, where… | scalar | SNMPv2-TCTruthValue | .1.3.6.1.4.1.6527.3.1.2.22.9.56 |
| tmnxCpmProtIPSrcMonIcmp The value of tmnxCpmProtIPSrcMonIcmp specifies whether ICMP protocol
should be included for monitoring of source IP.
This object is not supported on SR-1 and ESS-1, whe… | scalar | SNMPv2-TCTruthValue | .1.3.6.1.4.1.6527.3.1.2.22.9.57 |
| tmnxCpmProtIPSrcMonIgmp The value of tmnxCpmProtIPSrcMonIgmp specifies whether IGMP protocol
should be included for monitoring of source IP.
This object is not supported on SR-1 and ESS-1, whe… | scalar | SNMPv2-TCTruthValue | .1.3.6.1.4.1.6527.3.1.2.22.9.58 |
| tCpmIpFilterTable The tCpmIpFilterTable has an entry for each CPM IPv4 filter entry
configured on this system.
This table is not supported on SR-1 and ESS-1, where the value of
TIMETRA-C… | table | - | .1.3.6.1.4.1.6527.3.1.2.22.9.6 |
| tCpmProtOutProfViolIfTable The tCpmProtOutProfViolIfTable has an entry for each router interface
where the cpu protection policy's out-of-profile rate limit was
violated.
This object is not suppo… | table | - | .1.3.6.1.4.1.6527.3.1.2.22.9.61 |
| tCpmProtOutProfViolSapTable The tCpmProtOutProfViolSapTable has an entry for each SAP where the
cpu protection policy's out-of-profile rate limit was violated.
This object is not supported on SR-1… | table | - | .1.3.6.1.4.1.6527.3.1.2.22.9.62 |
| tCpmProtOutProfViolSdpBindTable The tCpmProtOutProfViolSdpBindTable has an entry for each SDP binding
where the cpu protection policy's out-of-profile rate limit was
violated.
This object is not suppo… | table | - | .1.3.6.1.4.1.6527.3.1.2.22.9.63 |
| tmnxCpmProtExcdSdpBindIpTable The tmnxCpmProtExcdSdpBindIpTable has a row for each service-id, sdp
and source IP address that has exceeded the per-source rate limit
configured for the <service-id, sdp> pair. … | table | - | .1.3.6.1.4.1.6527.3.1.2.22.9.64 |
| tCpmIpFilterStatsTable The tCpmIpFilterStatsTable has a stats entry for each entry in each
CPM filter configured on this system.
This table is not supported on SR-1 and ESS-1, where the value… | table | - | .1.3.6.1.4.1.6527.3.1.2.22.9.7 |
| tCpmFilterQueueStatsTable The tCpmFilterQueueStatsTable has a stats entry for each CPM filter
queue configured on this system.
This table is not supported on SR-1 and ESS-1, where the value of
T… | table | - | .1.3.6.1.4.1.6527.3.1.2.22.9.8 |
| tCpmIPv6FilterTable The tCpmIPv6FilterTable has an entry for each CPM IPv6 filter entry
configured on this system.
This table is not supported on SR-1 and ESS-1, where the value of
TIMETRA… | table | - | .1.3.6.1.4.1.6527.3.1.2.22.9.9 |
Child Objects
| Object | Type | Syntax | OID |
|---|---|---|---|
| tmnxCpmProtEthCfmPolEntry Each row specifies a set of Ethernet CFM packets to be rate limited,
and the associated rate limit.
Table rows are created and destroyed using
tmnxCpmProtEthCfmPolRow… | row | - | .1.3.6.1.4.1.6527.3.1.2.22.9.31.1 |