Operate and maintain
Documents under this category provide background concepts and procedures for configuring, operating, and maintaining SR Linux software.
- ACL and Policy-based Routing Guide
  This document describes ACL and policy-based routing configuration for the Nokia Service Router Linux (SR Linux).
- Advanced Solutions Guide
  This document describes how to configure advanced solutions for the Nokia Service Router Linux (SR Linux). Advanced solutions are defined as more complex network-level configurations where additional guidance and more detailed procedures may be required.
- CLI Plug-in Guide
  This document describes how to create custom CLI plug-ins, and defines the classes and utility functions used to create them. It also defines how to install, modify, and remove a CLI plug-in.
- Configuration Basics
  This document describes basic configuration for the Nokia Service Router Linux (SR Linux). Examples of commonly used commands are provided.
- gRIBI Guide
  This guide describes configuration details for the gRPC Routing Information Base Interface (gRIBI) feature set used with the Nokia Service Router Linux (SR Linux).
- Interfaces Guide
  This document describes interface configuration for the Nokia Service Router Linux (SR Linux), including subinterfaces, IRB interfaces, LAGs, DHCP relay, and IPv6 router advertisements.
- MPLS Guide
  This guide describes the services and provides configuration examples for the Multiprotocol Label Switching (MPLS) protocol used with the Nokia Service Router Linux (SR Linux).
- Multicast Routing Protocols Guide
  This guide provides an overview of multicast routing concepts and provides configuration examples for Internet Group Management Protocol (IGMP), Multicast Listener Discovery (MLD), and Protocol Independent Multicast (PIM).
- Network Synchronization Guide
  This guide describes the network synchronization features for the Nokia Service Router Linux (SR Linux).
- P4Runtime Guide
  This document describes SR Linux support for P4Runtime and includes procedures for configuring SR Linux to operate with P4Runtime clients.
- Quality of Service Guide for 7220 IXR and 7250 IXR
  This document describes configuration details for the Quality of Service (QoS) feature set used with the Nokia Service Router Linux (SR Linux) on IXR-series platforms.
- Quality of Service Guide for 7730 SXR
  This document describes configuration details for the Quality of Service (QoS) feature set used with the Nokia Service Router Linux (SR Linux) on SXR-series platforms.
- Routing Protocols Guide
  This document describes routing protocol configuration for the Nokia Service Router Linux (SR Linux), including OSPF, IS-IS, and BGP.
- Segment Routing Guide
  This document describes configuration details for the Segment Routing feature set used with the Nokia Service Router Linux (SR Linux).
- System Management Guide
  This document describes the interfaces used with the Nokia Service Router Linux (SR Linux).
- VPN Services Guide
  This document describes basic configuration for Layer 2 and Layer 3 Virtual Private Network service functionality on the Nokia Service Router Linux (SR Linux). It presents examples to configure and implement various protocols and services.

Rate Limiting for ICMP messages

SR Linux limits the rate of ICMP messages that it generates and sends towards IPv4 and IPv6 hosts. It maintains a list of the 1000 most-recent source IP addresses that triggered the need to send an ICMP message to that endpoint. SR Linux does not allow an ICMP message to be transmitted to a source IP entry in the list if the last message sent to that host (of any type and code) was transmitted less than 1 second ago; as a result, there is a limit of 1000 ICMP error/redirect messages per second towards all sources.

To do this, SR Linux maintains a token bucket for each of the last 1000 IPv4 and 1000 IPv6 senders that generated traffic requiring ICMP messages to be sent back to them. The token bucket for each sender has a maximum depth of 10 packets, and can be filled or drained at a rate of 10 packets per second. You can adjust the maximum depth of the token bucket and the rate at which it is filled or drained.

Configuring rate limiting for ICMP messages

Each token bucket has a maximum depth, counted in terms of ICMP messages, which is controlled by the max-burst parameter (default 10 packets), and a fill/drain rate, which is controlled by the peak-rate parameter (default 10 packets per second).

To configure rate limiting for ICMP messages, you can set values for the max-burst and peak-rate parameters. The token bucket state for each host is refilled at the peak-rate up to a maximum depth of max-burst.

Configure rate limiting for IPv4 ICMP messages

The following example sets values for the max-burst and peak-rate parameters for IPv4 ICMP messages.

--{ + candidate shared default }--[  ]--
# info system datapath icmp
    system {
        datapath {
            icmp {
                rate-limit-per-host {
                    peak-rate 20
                    max-burst 40
                }
            }
        }
    }

Configure rate limiting for IPv6 ICMP messages

The following example sets values for the max-burst and peak-rate parameters for IPv6 ICMP messages.

--{ + candidate shared default }--[  ]--
# info system datapath icmp
    system {
        datapath {
            icmp6 {
                rate-limit-per-host {
                    peak-rate 20
                    max-burst 40
                }
            }
        }
    }

November 7, 2024