Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

cpu-throttle (Next Gen Services)

Syntax

Hierarchy Level

Description

Specify the services card CPU utilization percentage that triggers the installation of a dynamic filter on the PFEs of the line cards for suspicious activity. The dynamic filter drops the suspicious traffic.

In addition to this threshold, at least one of the following conditions is required to trigger the installation of a dynamic filter:

  • The packet rate from an individual source address or to an individual destination address must exceed four times the configured packet-rate at the [edit services screen ids-option screen-name limit-session by-source] or [edit services screen ids-option screen-name limit-session by-destination] hierarchy level.

  • The connection rate from an individual source address or to an individual destination address must exceed four times the configured session-rate at the [edit services screen ids-option screen-name limit-session by-source] or [edit services screen ids-option screen-name limit-session by-destination] hierarchy level.

Dynamic filters are not created from IDS screens that use subnet aggregation.

The dynamic filter drops the suspicious traffic at the PFE, without the traffic being processed by the IDS screen. When the packet or connection rate no longer exceeds four times the limit in the IDS screen, the dynamic filter is removed.

Options

percentage percent

The CPU utilization percentage.

  • Range: 1 through 100

  • Default: 90

Required Privilege Level

interface—To view this statement in the configuration.

interface-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 19.3R2.