This section describes how to configure the LPU rate limit function.
Context
When the SPU CPU usage reaches the alarm threshold, the LPU rate limit function is enabled.
The LPU rate limit function limits the rate of traffic for at most five attacked destination IP addresses with the highest traffic, not for all destination IP addresses.
Restrictions
LPU rate limit does not support IPv6 packets.
The LPU rate limit does not apply to Layer 2 scenarios.
- LPU rate limit applies only to two types of LPUs: LPUF-240 and LPUF-120.
The LPU rate limit function may affect services related to top 5 attacked destination IP addresses with the highest traffic. Therefore, enable this function only in emergency.
After the LPU rate limit function takes effect, the ATIC attack report may be inaccurate.
Procedure
- In the system view, enable LPU rate limit.
anti-ddos interface-limit enable
- (Optional) Set the CPU usage threshold and delay time.
anti-ddos interface-limit { cpu-usage cpu-usage | start-delay start-delay end-delay delay-time }