tmnxCpmProtEthCfmPolTable 1.3.6.1.4.1.6527.3.1.2.22.9.31

tmnxCpmProtEthCfmPolTable contains configurable rules (similar to an Access Control List) used to rate limit the flow of Ethernet Connectivity Fault Management packets. The table can be used to minimize the impact of an Eth-CFM Denial of Service attack.

The table extends tmnxCpmProtPolTable, by allowing several <rate-limit, eth-cfm-level, eth-cfm-opcode> triples to be defined for a CPM protection policy.

For example, tmnxCpmProtEthCfmPolTable could contain the following information (where the column labels for the table's index objects are in upper case):

    POLICY ID  ENTRY NUM  Level  Opcode   Rate Limit
    ---------  ---------  -----  -------  ---------------
    250        10         {4}    {10}     100 packets/sec
    250        20         {4,6}  {1,3}    200 packets/sec
    250        30         {0-7}  {0-255}  300 packets/sec

{0-7} indicates {0, 1, 2, 3, 4, 5, 6, 7}.

Suppose the example configuration above is in place, and an Eth-CFM PDU arrives on a SAP which has Policy ID 250 configured against it. If the PDU contains level=4 and opcode=1, the 200 packets/sec rate limit is applied.

Within a Policy ID, the first row (i.e. the row with the lowest entry number) matching the PDU applies. Therefore, the third row in the example applies a 300 packets/sec limit to any PDU which does not match the first or second row.

At most four Policy IDs can have rows in this table. At most 10 rows are supported per Policy ID.

If the user chooses well-spaced tmnxCpmProtEthCfmPolEntryNum values (e.g. 10, 20, 30) when initially creating the rows for a particular tmnxCpmProtPolicyId, it will be possible to add rows in the gaps later, without reconfiguration.

A prerequisite for creating a row in this table: a row with the same tmnxCpmProtPolicyId must exist in tmnxCpmProtPolTable. Deleting a row in tmnxCpmProtPolTable deletes all the rows in this table with matching tmnxCpmProtPolicyId values.
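The first-match rule described above can be checked offline before rows are pushed to a device. The following Python is an added example, not part of the MIB or of any vendor tooling: it evaluates the example rows and audits a policy for rows that can never match and for (level, opcode) pairs that no row covers. The function names and the row tuple layout are assumptions, and the match space of levels 0-7 and opcodes 0-255 is taken from the catch-all row in the example table.

```python
def parse_set(spec):
    """Parse a set written as '{4,6}' or '{0-7}' into a frozenset of ints."""
    values = set()
    for part in spec.strip("{} ").split(","):
        lo, _, hi = part.strip().partition("-")
        values.update(range(int(lo), int(hi or lo) + 1))
    return frozenset(values)

# Constructed sample input: the three rows of the example table, deliberately
# listed out of order. Hypothetical tuple layout:
# (policy id, entry num, levels, opcodes, rate limit in packets/sec)
ROWS = [
    (250, 30, "{0-7}", "{0-255}", 300),
    (250, 10, "{4}", "{10}", 100),
    (250, 20, "{4,6}", "{1,3}", 200),
]

def policy_rows(rows, policy_id):
    """Rows of one policy in evaluation order (lowest entry number first)."""
    chosen = sorted((r for r in rows if r[0] == policy_id), key=lambda r: r[1])
    return [(n, parse_set(lv), parse_set(op), rate) for _, n, lv, op, rate in chosen]

def rate_limit(rows, policy_id, level, opcode):
    """Return (entry num, packets/sec) of the first matching row.

    Returns None when no row matches; the description does not say what
    the system does in that case.
    """
    for num, levels, opcodes, rate in policy_rows(rows, policy_id):
        if level in levels and opcode in opcodes:
            return num, rate
    return None

def audit(rows, policy_id):
    """Report shadowed rows, uncovered pairs and the 10-row limit for a policy."""
    seen, shadowed = set(), []
    ordered = policy_rows(rows, policy_id)
    for num, levels, opcodes, _ in ordered:
        pairs = {(lv, op) for lv in levels for op in opcodes}
        if pairs <= seen:  # every pair is already claimed by an earlier row
            shadowed.append(num)
        seen |= pairs
    return {
        "shadowed": shadowed,               # rows that can never apply
        "uncovered": 8 * 256 - len(seen),   # assumed space: levels 0-7, opcodes 0-255
        "too_many_rows": len(ordered) > 10, # limit stated in the description
    }

if __name__ == "__main__":
    print(rate_limit(ROWS, 250, 4, 1))
    print(audit(ROWS, 250))
```

A non-empty "shadowed" list usually means a broad row was given a lower entry number than the narrower rows it was meant to back up.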

Information

Access Type
noaccess

Parent

1.3.6.1.4.1.6527.3.1.2.22.9 tmnxCpmSecurityObjs

Children (1 object)