IPv6 First-Hop Security Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
IPv6 Router Advertisement Throttler
Download this chapter
IPv6 Router Advertisement ThrottlerIPv6 Router Advertisement Throttler
Download the complete book
IPv6 First-Hop Security Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)IPv6 First-Hop Security Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches) (PDF - 610 KB)
 Feedback

Contents

IPv6 Router Advertisement Throttler

Last Updated: January 23, 2013

The IPv6 Router Advertisement Throttler limits the amount of multicast Router Advertisements (RAs) circulating on the wireless network. The IPv6 RA throttler tracks router solicitations (RSs) and converts multicast RAs into multiple unicast RAs to forward to RS originators.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Information About the IPv6 Router Advertisement Throttler

IPv6 RA Throttler Overview

The IPv6 Router Advertisement Throttler limits the amount of multicast Router Advertisements (RAs) circulating on the wireless network. The IPv6 RA throttler tracks router solicitations (RSs) and converts multicast RAs into multiple unicast RAs to forward to RS originators.

Scalability Feature: IPv6 RA Throttler

Data center networks with large numbers of devices face a number of scale challenges, such as effective and efficient address resolution. For example, in wireless Layer 2 domains, bandwidth may be constrained, and the amount of control traffic generated by protocols such as IPv6 Neighbor Discovery (ND) or Multicast Listener Discovery (MLD) can quickly become prohibitive.

By snooping control traffic and maintaining a binding table that stores all active devices and their addresses on the link, the amount of control traffic flooded on the Layer 2 domain can be greatly reduced. Throttling occurs when the same message is sent multiple times from several devices that do not interact with each other, but they all interact with one or more common devices (e.g., the local device). The Layer 2 device can eliminate some of these messages without any adverse consequences for the protocol itself.

IPv6 RA Throttler Parameter Inheritance

The IPv6 RA throttler allows an inheritance process by which a parameter that is not defined at a certain hierarchical level is inherited from the level above it. A parameter is defined at a given level if a policy is attached at that level and the parameter in that policy is set to a value other than inherit.

Level inheritance is as follows:

  • PORT inherits from VLAN.
  • VLAN inherits from BOX.

The levels are defined as follows:

  • DEFAULT. A policy always exists implicitly at this level. The default policy fields are set as follows:

Field

Parameter

throttle-period

600 seconds, or 10 minutes.

max-through

10 RAs per VLAN per 10 minutes.

allow

at-least 1 at-most 1

  • 1 RA per device per 10 minutes.

interval-option

passthrough

  • RAs are not throttled with the interval option.

medium-type

wire (port only)

  • The port is wireless.
  • VLAN: At the VLAN level, only one policy may be attached per VLAN.
  • PORT: At the PORT level, a policy can be attached to the port. Only one such policy is allowed per port per VLAN.

Note
Policies must be attached at the VLAN or BOX level as well as at the PORT level for IPv6 RA throttler to operate at the PORT level.

IPv6 RA Throttler Command Precedence Rules

The allow at-least and allow at-most values applied at the VLAN level are the default for all devices in the VLAN. The values can be overridden on a per-port basis by applying another policy on the a specified port.

When you apply a policy on a port, any value that is not configured in that policy is inherited from the VLAN configuration. If the value is not configured in the VLAN policy, then the value is set to its default.

The max-through and medium-type commands are ignored by a VLAN or VLANs.

If your deployment has the same setting for the allow at-least and allow at-most values for all devices on all ports, then you need only to apply the policy on the relevant VLAN or VLANs. If some of wired ports in the deployment are connection wireless access points, then a policy with only the medium type configured needs to be applied on those specific ports.

Rules that are configured at the command-line interface (CLI) are applied in the following order:

  1. Maximum pending hosts: If more than 35 hosts are pending, the RA throttler stops "remembering" them one by one and multicasts the next RA to all devices, including wireless devices.

  2. RA interval option: If the RA has an interval option, then the interval-option command setting applies first. If the interval-option throttle command setting is configured, then this step is ignored. The default is to pass through all RAs with an interval option; that is, not to multicast the next RA to all devices, including wireless devices.

  3. Per-device at-least setting: If the device that issued the RA has not yet sent the number of RAs configured by the allow at-least command, then the RA is multicast to all hosts, including hosts on wireless devices.

  4. Per-device at-most setting: If the device that issued the RA has sent the number of RAs configured by the allow at-most command, then the RA is throttled. That is, the RA is multicast to all wired hosts and to wireless hosts with pending router solicitations (RSs) or reassociations.

  5. Per VLAN: If the per-VLAN limit per the max-through command setting has been reached, then the message is throttled; otherwise, it is passed to all devices, including wireless devices.

How to Configure the IPv6 Router Advertisement Throttler

Configuring the IPv6 RA Throttler Policy

SUMMARY STEPS

1.    enable

2.    configure terminal

3.   ipv6 nd ra-throttle policy policy-name

4.   allow {at-least {al-value | no-limit }} | {at-most {am-value | no-limit}} | {inherited}

5.   interval-option {ignore | inherit | pass-through | throttle}

6.   max-through {mt-value | inherit | no-limit}

7.   medium-type {access-point | wired}

8.   throttle-period {seconds | inherit}


DETAILED STEPS
 Command or ActionPurpose
Step 1
enable


Example:

Device> enable

 

Enables privileged EXEC mode.

  • Enter your password if prompted.
 
Step 2
configure terminal


Example:

Device# configure terminal

 

Enters global configuration mode.

 
Step 3
ipv6 nd ra-throttle policy policy-name


Example:

Device(config)# ipv6 nd ra-throttle policy policy1

 

Defines the RA throttler policy name and enters IPv6 RA throttle policy configuration mode.

 
Step 4
allow {at-least {al-value | no-limit }} | {at-most {am-value | no-limit}} | {inherited}


Example:

Device(config-nd-ra-throttle)# allow at-least 2 at-most 2

 

Limits the number of multicast RAs per device per throttle period in an RA throttler policy.

 
Step 5
interval-option {ignore | inherit | pass-through | throttle}


Example:

Device(config-nd-ra-throttle)# interval-option inherit

 

Adjusts the IPv6 RA interval in an RA throttler policy.

 
Step 6
max-through {mt-value | inherit | no-limit}


Example:

Device(config-nd-ra-throttle)# max-through 25

 

Limits multicast RAs per VLAN per throttle period.

 
Step 7
medium-type {access-point | wired}


Example:

Device(config-nd-ra-throttle)# medium-type wired

 

Indicates whether a device is wired or wireless.

 
Step 8
throttle-period {seconds | inherit}


Example:

Device(config-nd-ra-throttle)# throttle-period 300

 

Configures the throttle period in an IPv6 RA throttler policy.

 

Attaching the IPv6 RA Throttler Policy to a VLAN or VLANs

Before You Begin

You must create an IPv6 RA throttler policy before attaching it to a VLAN or VLANs. See the previous step to create an IPv6 RA throttler policy.


SUMMARY STEPS

1.    enable

2.    configure terminal

3.   vlan configuration

4.   ipv6 nd ra-throttle attach-policy


DETAILED STEPS
 Command or ActionPurpose
Step 1
enable


Example:

Device> enable

 

Enables privileged EXEC mode.

  • Enter your password if prompted.
 
Step 2
configure terminal


Example:

Device# configure terminal

 

Enters global configuration mode.

 
Step 3
vlan configuration


Example:

Device(config)# vlan configuration vlan1

 

Configures a VLAN or a collection of VLANs and enters VLAN configuration mode.

 
Step 4
ipv6 nd ra-throttle attach-policy


Example:

Device(config-vlan-config)# ipv6 nd ra-throttle attach-policy policy1

 

Attaches an IPv6 RA throttler policy to a VLAN or a collection of VLANs.

 

Attaching the IPv6 RA Throttler Policy to a Port

Before You Begin
  • You must create an IPv6 RA throttler policy before attaching it to a port. See the previous step to create an IPv6 RA throttler policy.
  • Policies must be attached at the VLAN or BOX level as well as at the PORT level for the IPv6 RA throttler to operate at the PORT level.

SUMMARY STEPS

1.    enable

2.    configure terminal

3.   interface type number

4.   ipv6 nd ra-throttle attach-policy


DETAILED STEPS
 Command or ActionPurpose
Step 1
enable


Example:

Device> enable

 

Enables privileged EXEC mode.

  • Enter your password if prompted.
 
Step 2
configure terminal


Example:

Device# configure terminal

 

Enters global configuration mode.

 
Step 3
interface type number


Example:

Device(config)# interface ethernet0/0

 

Specifies an interface type and number, and places the device in interface configuration mode.

 
Step 4
ipv6 nd ra-throttle attach-policy


Example:

Device(config-if)#

 

Attaches an IPv6 RA throttler policy to a Layer 2 interface.

 

Configuration Examples for IPv6 Router Advertisement Throttler

Example: IPv6 RA Throttler Policy Configuration

Device# show ipv6 nd ra-throttle policy policy2

Policy policy2 configuration: 
         The throttle period will be coalesced and default to 600 seconds
         Applied to a port, this policy indicates a wired interface
         The maximum number of unthrottled RAs is configured on the vlan and defaults to 10
         The min and max numbers of unthrottled RAs per router will be coalesced and default to 1
         The behaviour upon RAs with an RFC 3775 interval option will be coalesced and default to passthrough

Policy applied on the following interfaces: 
  Et0/0                vlan all
Policy applied on the following vlans: 
  10,12-17

Example: IPv6 RA Throttler VLAN Configuration

Device# show ipv6 nd ra-throttler vlan vlan1

general information for vlan vlan1
===================================

 RAs            last period     this period     overall
 passed_through 1               1               2
 throttled      4               2               6

 no pending host

current Policy is tutu coalesced as:

  throttle-period 90 seconds remaining 48
  max-through 0
  allow at-least 1 at-most 1
  interval-option passthrough

Additional References

Related Documents

Related Topic Document Title

IPv6 addressing and connectivity

IPv6 Configuration Guide

Cisco IOS commands

Cisco IOS Master Commands List, All Releases

IPv6 commands

Cisco IOS IPv6 Command Reference

Cisco IOS IPv6 features

Cisco IOS IPv6 Feature Mapping

Standards and RFCs

Standard/RFC Title

RFCs for IPv6

IPv6 RFCs

MIBs

MIB

MIBs Link

No new or modified MIBs are supported by this feature, and support for existing MIBs has not been modified by this feature.

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs

Technical Assistance

Description Link

The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.

http://www.cisco.com/cisco/web/support/index.html

Feature Information for IPv6 Router Advertisement Throttler

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Table 1Feature Information for
Feature Name Releases Feature Information

IPv6 Router Advertisement Throttler

Cisco IOS XE Release 3.2SE

The IPv6 Router Advertisement Throttler feature limits the amount of multicast RAs circulating on the wireless network. The IPv6 RA throttler tracks RSs and converts multicast RAs into multiple unicast RAs to forward to RS originators.

The following commands were introduced or modified: allow, interval-option, ipv6 nd ra-throttle attach-policy, ipv6 nd ra-throttle policy, max-through, medium-type, show ipv6 nd ra-throttler interface, show ipv6 nd ra-throttler policy, show ipv6 nd ra-throttler vlan, throttle-period, vlan configuration.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.

© 2013 Cisco Systems, Inc. All rights reserved.