The firewall dataplane to ctrlplane car command sets the alarm threshold for discarding packets from the data plane to the control plane and the maximum number of packets with the same source IP address allowed per second.
The undo firewall dataplane to ctrlplane car command restores the alarm threshold for discarding packets and the maximum number of packets with the same source IP address allowed per second to the default values.
firewall dataplane to ctrlplane car type type threshold threshold [ per-ip pps-value ]
undo firewall dataplane to ctrlplane car type type
| Parameter | Description | Value |
|---|---|---|
type type |
Specifies the application layer protocol type. |
IKE or IKEv6 |
threshold threshold |
Sets the alarm threshold for packet rate limiting. |
The value is an integer that ranges from 0 to 8000, in pps. |
per-ip pps-value |
Sets the number of packets with the same source IP address allowed per second. |
The value is an integer that ranges from 1 to 100, in pps. |
This command is supported in V600R007C20SPC500 and later versions.
By default, the alarm threshold for discarding packets from the data plane to the control plane is 1500 pps per CPU, and the maximum number of packets with the same source IP address allowed per second is 20 pps per CPU.
# Set the rate limit for IKE packets from the data plane to the control plane to 1000 pps and the maximum number of such packets with the same source IP address allowed per second to 10 pps.
<sysname> system-view [sysname] firewall dataplane to ctrlplane car type ike threshold 1000 per-ip 10