IPv6 First-Hop Security Configuration Guide, Cisco IOS Release 15E
IPv6 Router Advertisement Throttler
Downloads: This chapterpdf (PDF - 1.33MB) The complete bookPDF (PDF - 2.92MB) | The complete bookePub (ePub - 439.0KB) | Feedback

IPv6 Router Advertisement Throttler

IPv6 Router Advertisement Throttler

The IPv6 Router Advertisement Throttler limits the amount of multicast Router Advertisements (RAs) circulating on the wireless network. The IPv6 RA throttler tracks router solicitations (RSs) and converts multicast RAs into multiple unicast RAs to forward to RS originators.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

Information About the IPv6 Router Advertisement Throttler

IPv6 RA Throttler Overview

The IPv6 Router Advertisement Throttler limits the amount of multicast Router Advertisements (RAs) circulating on the wireless network. The IPv6 RA throttler tracks router solicitations (RSs) and converts multicast RAs into multiple unicast RAs to forward to RS originators.

Scalability Feature: IPv6 RA Throttler

Data center networks with large numbers of devices face a number of scale challenges, such as effective and efficient address resolution. For example, in wireless Layer 2 domains, bandwidth may be constrained, and the amount of control traffic generated by protocols such as IPv6 Neighbor Discovery (ND) or Multicast Listener Discovery (MLD) can quickly become prohibitive.

By snooping control traffic and maintaining a binding table that stores all active devices and their addresses on the link, the amount of control traffic flooded on the Layer 2 domain can be greatly reduced. Throttling occurs when the same message is sent multiple times from several devices that do not interact with each other, but they all interact with one or more common devices (e.g., the local device). The Layer 2 device can eliminate some of these messages without any adverse consequences for the protocol itself.

IPv6 RA Throttler Parameter Inheritance

The IPv6 RA throttler allows an inheritance process by which a parameter that is not defined at a certain hierarchical level is inherited from the level above it. A parameter is defined at a given level if a policy is attached at that level and the parameter in that policy is set to a value other than inherit.

Level inheritance is as follows:

  • PORT inherits from VLAN.
  • VLAN inherits from BOX.

The levels are defined as follows:

  • DEFAULT. A policy always exists implicitly at this level. The default policy fields are set as follows:

Field

Parameter

throttle-period

600 seconds, or 10 minutes.

max-through

10 RAs per VLAN per 10 minutes.

allow

at-least 1 at-most 1

  • 1 RA per device per 10 minutes.

interval-option

passthrough

  • RAs are not throttled with the interval option.

medium-type

wire (port only)

  • The port is wireless.
  • VLAN: At the VLAN level, only one policy may be attached per VLAN.
  • PORT: At the PORT level, a policy can be attached to the port. Only one such policy is allowed per port per VLAN.

Note


Policies must be attached at the VLAN or BOX level as well as at the PORT level for IPv6 RA throttler to operate at the PORT level.


IPv6 RA Throttler Command Precedence Rules

The allow at-least and allow at-most values applied at the VLAN level are the default for all devices in the VLAN. The values can be overridden on a per-port basis by applying another policy on the a specified port.

When you apply a policy on a port, any value that is not configured in that policy is inherited from the VLAN configuration. If the value is not configured in the VLAN policy, then the value is set to its default.

The max-through and medium-type commands are ignored by a VLAN or VLANs.

If your deployment has the same setting for the allow at-least and allow at-most values for all devices on all ports, then you need only to apply the policy on the relevant VLAN or VLANs. If some of wired ports in the deployment are connection wireless access points, then a policy with only the medium type configured needs to be applied on those specific ports.

Rules that are configured at the command-line interface (CLI) are applied in the following order:

  1. Maximum pending hosts: If more than 35 hosts are pending, the RA throttler stops "remembering" them one by one and multicasts the next RA to all devices, including wireless devices.
  2. RA interval option: If the RA has an interval option, then the interval-option command setting applies first. If the interval-option throttle command setting is configured, then this step is ignored. The default is to pass through all RAs with an interval option; that is, not to multicast the next RA to all devices, including wireless devices.
  3. Per-device at-least setting: If the device that issued the RA has not yet sent the number of RAs configured by the allow at-least command, then the RA is multicast to all hosts, including hosts on wireless devices.
  4. Per-device at-most setting: If the device that issued the RA has sent the number of RAs configured by the allow at-most command, then the RA is throttled. That is, the RA is multicast to all wired hosts and to wireless hosts with pending router solicitations (RSs) or reassociations.
  5. Per VLAN: If the per-VLAN limit per the max-through command setting has been reached, then the message is throttled; otherwise, it is passed to all devices, including wireless devices.

How to Configure the IPv6 Router Advertisement Throttler

Configuring the IPv6 RA Throttler Policy

SUMMARY STEPS

    1.    enable

    2.    configure terminal

    3.    ipv6 nd ra-throttle policy policy-name

    4.    allow {at-least {al-value | no-limit }} | {at-most {am-value | no-limit}} | {inherited}

    5.    interval-option {ignore | inherit | pass-through | throttle}

    6.    max-through {mt-value | inherit | no-limit}

    7.    medium-type {access-point | wired}

    8.    throttle-period {seconds | inherit}


DETAILED STEPS
      Command or Action Purpose
    Step 1 enable


    Example:
    Device> enable 
     

    Enables privileged EXEC mode.

    • Enter your password if prompted.
     
    Step 2 configure terminal


    Example:
    Device# configure terminal 
     

    Enters global configuration mode.

     
    Step 3 ipv6 nd ra-throttle policy policy-name


    Example:
    Device(config)# ipv6 nd ra-throttle policy policy1
     

    Defines the RA throttler policy name and enters IPv6 RA throttle policy configuration mode.

     
    Step 4 allow {at-least {al-value | no-limit }} | {at-most {am-value | no-limit}} | {inherited}


    Example:
    Device(config-nd-ra-throttle)# allow at-least 2 at-most 2
     

    Limits the number of multicast RAs per device per throttle period in an RA throttler policy.

     
    Step 5 interval-option {ignore | inherit | pass-through | throttle}


    Example:
    Device(config-nd-ra-throttle)# interval-option inherit
     

    Adjusts the IPv6 RA interval in an RA throttler policy.

     
    Step 6 max-through {mt-value | inherit | no-limit}


    Example:
    Device(config-nd-ra-throttle)# max-through 25
     

    Limits multicast RAs per VLAN per throttle period.

     
    Step 7 medium-type {access-point | wired}


    Example:
    Device(config-nd-ra-throttle)# medium-type wired
     

    Indicates whether a device is wired or wireless.

     
    Step 8 throttle-period {seconds | inherit}


    Example:
    Device(config-nd-ra-throttle)# throttle-period 300
     

    Configures the throttle period in an IPv6 RA throttler policy.

     

    Attaching the IPv6 RA Throttler Policy to a VLAN or VLANs

    Before You Begin

    You must create an IPv6 RA throttler policy before attaching it to a VLAN or VLANs. See the previous step to create an IPv6 RA throttler policy.

    SUMMARY STEPS

      1.    enable

      2.    configure terminal

      3.    vlan configuration

      4.    ipv6 nd ra-throttle attach-policy


    DETAILED STEPS
        Command or Action Purpose
      Step 1 enable


      Example:
      Device> enable 
       

      Enables privileged EXEC mode.

      • Enter your password if prompted.
       
      Step 2 configure terminal


      Example:
      Device# configure terminal 
       

      Enters global configuration mode.

       
      Step 3 vlan configuration


      Example:
      Device(config)# vlan configuration vlan1
       

      Configures a VLAN or a collection of VLANs and enters VLAN configuration mode.

       
      Step 4 ipv6 nd ra-throttle attach-policy


      Example:
      Device(config-vlan-config)# ipv6 nd ra-throttle attach-policy policy1
       

      Attaches an IPv6 RA throttler policy to a VLAN or a collection of VLANs.

       

      Attaching the IPv6 RA Throttler Policy to a Port

      Before You Begin
      • You must create an IPv6 RA throttler policy before attaching it to a port. See the previous step to create an IPv6 RA throttler policy.
      • Policies must be attached at the VLAN or BOX level as well as at the PORT level for the IPv6 RA throttler to operate at the PORT level.
      SUMMARY STEPS

        1.    enable

        2.    configure terminal

        3.    interface type number

        4.    ipv6 nd ra-throttle attach-policy


      DETAILED STEPS
          Command or Action Purpose
        Step 1 enable


        Example:
        Device> enable 
         

        Enables privileged EXEC mode.

        • Enter your password if prompted.
         
        Step 2 configure terminal


        Example:
        Device# configure terminal 
         

        Enters global configuration mode.

         
        Step 3 interface type number


        Example:
        Device(config)# interface ethernet0/0
         

        Specifies an interface type and number, and places the device in interface configuration mode.

         
        Step 4 ipv6 nd ra-throttle attach-policy


        Example:
        Device(config-if)#
         

        Attaches an IPv6 RA throttler policy to a Layer 2 interface.

         

        Configuration Examples for IPv6 Router Advertisement Throttler

        Example: IPv6 RA Throttler Policy Configuration

        Device# show ipv6 nd ra-throttle policy policy2
        
        Policy policy2 configuration: 
                 The throttle period will be coalesced and default to 600 seconds
                 Applied to a port, this policy indicates a wired interface
                 The maximum number of unthrottled RAs is configured on the vlan and defaults to 10
                 The min and max numbers of unthrottled RAs per router will be coalesced and default to 1
                 The behaviour upon RAs with an RFC 3775 interval option will be coalesced and default to passthrough
        
        Policy applied on the following interfaces: 
          Et0/0                vlan all
        Policy applied on the following vlans: 
          10,12-17
        

        Example: IPv6 RA Throttler VLAN Configuration

        Device# show ipv6 nd ra-throttler vlan vlan1
        
        general information for vlan vlan1
        ===================================
        
         RAs            last period     this period     overall
         passed_through 1               1               2
         throttled      4               2               6
        
         no pending host
        
        current Policy is tutu coalesced as:
        
          throttle-period 90 seconds remaining 48
          max-through 0
          allow at-least 1 at-most 1
          interval-option passthrough

        Additional References

        Related Documents

        Related Topic

        Document Title

        IPv6 addressing and connectivity

        IPv6 Configuration Guide

        Cisco IOS commands

        Cisco IOS Master Commands List, All Releases

        IPv6 commands

        Cisco IOS IPv6 Command Reference

        Cisco IOS IPv6 features

        Cisco IOS IPv6 Feature Mapping

        Standards and RFCs

        Standard/RFC

        Title

        RFCs for IPv6

        IPv6 RFCs

        MIBs

        MIB

        MIBs Link

        No new or modified MIBs are supported by this feature, and support for existing MIBs has not been modified by this feature.

        To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

        http:/​/​www.cisco.com/​go/​mibs

        Technical Assistance

        Description

        Link

        The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.

        http:/​/​www.cisco.com/​cisco/​web/​support/​index.html

        Feature Information for IPv6 Router Advertisement Throttler

        The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

        Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

        Table 1 Feature Information for

        Feature Name

        Releases

        Feature Information

        IPv6 Router Advertisement Throttler

        15.2(1)E

        The IPv6 Router Advertisement Throttler feature limits the amount of multicast RAs circulating on the wireless network. The IPv6 RA throttler tracks RSs and converts multicast RAs into multiple unicast RAs to forward to RS originators.

        The following commands were introduced or modified: allow, interval-option, ipv6 nd ra-throttle attach-policy, ipv6 nd ra-throttle policy, max-through, medium-type, show ipv6 nd ra-throttler interface, show ipv6 nd ra-throttler policy, show ipv6 nd ra-throttler vlan, throttle-period, vlan configuration.