Cisco Cisco IOS Software Release 12.0(19)S
IP Services Engine Line Cards
Feature Overview
15
Cisco IOS Release 12.0(19)S
If you observe a problem, the debug frame-relay switching command is used to display the status of
packets on switched PVCs at regular intervals. This debug command displays information such as the
number of packets that were switched, why packets were dropped, and changes in status of physical links
and PVCs. Debug information is displayed only when there has been a change from one configured
interval to the next.
packets on switched PVCs at regular intervals. This debug command displays information such as the
number of packets that were switched, why packets were dropped, and changes in status of physical links
and PVCs. Debug information is displayed only when there has been a change from one configured
interval to the next.
See the Cisco Systems publication Frame Relay Switching Diagnostics and Troubleshooting, Cisco IOS
Release 12.1 for additional information on the use of these commands.
Release 12.1 for additional information on the use of these commands.
Protection Against Denial Of Service (DOS) Attacks
The ISE line cards support the following features to help defeat denial of service (DOS) attacks:
For Attacks On Upstream Devices
Large numbers of line-rate xACLs are available. See
for more information.
For Attacks On The Router
There are several mechanisms available:
•
“Exception” packets detected as being incompatible with regular fastpath parameters are either
dropped or sent to the local CPU. This does not effect the router’s performance:
dropped or sent to the local CPU. This does not effect the router’s performance:
Packets sent to the local CPU are classified into three different RAW queues, which are processed
in a strict priority order by the CPU. With this mechanism, the good packets are put in the higher
priority queue, while the exception packets (such as IP options, TTL expire, no route found) are put
into the low priority queue. If more packets arrive into this queue than the CPU queue threshold, the
packets are dropped without a performance cost.
in a strict priority order by the CPU. With this mechanism, the good packets are put in the higher
priority queue, while the exception packets (such as IP options, TTL expire, no route found) are put
into the low priority queue. If more packets arrive into this queue than the CPU queue threshold, the
packets are dropped without a performance cost.
•
Packets are never sent directly from the fastpath to the route processor:
Packets are first sent to the local CPU where they can be throttled, and then sent to the route
processor. This avoids the possibility that the route processor is overwhelmed by user packets.
Packets directed to the router can also be rate limited using the usual CAR function without a
performance penalty.
Packets are first sent to the local CPU where they can be throttled, and then sent to the route
processor. This avoids the possibility that the route processor is overwhelmed by user packets.
Packets directed to the router can also be rate limited using the usual CAR function without a
performance penalty.
Benefits
The ISE line cards offer the following advantages:
High Speed Applications At The Network Edge
The ISE line cards provide a single platform architecture from backbone to edge: 12000 series routers
can be utilized for applications at the edges of the Service Provider network as well as in the Internet
core and backbone.
can be utilized for applications at the edges of the Service Provider network as well as in the Internet
core and backbone.
Reduced Cost Of Ownership
The enhanced edge functionality of the ISE line cards significantly decrease up-front procurement cost
and life cycle costs.
and life cycle costs.
Cisco Optical Internet Strategy Enabler
Allows high-speed direct Customer aggregation and the rapid shift from DS-3 speed to optical OC-3 or
OC-12c speeds building upon Cisco Internetworking strategy. OC-48c backbone or peering capability
will be available with Cisco IOS Release 12.0(20)S.
OC-12c speeds building upon Cisco Internetworking strategy. OC-48c backbone or peering capability
will be available with Cisco IOS Release 12.0(20)S.