This section describes the operational guidelines to leverage distributed CPU protection:
To completely block a set of specific protocols on a specific SAP, create a single static policer with a rate of 0 and map the protocols to that policer.
During normal operation, Nokia recommends that log events for state policers should be configured using the log-events command without the optional verbose keyword. Use the verbose keyword selectively during debugging, testing, tuning, and investigation.
Every protocol configured to use a policer is allocated an independent policer instance to rate-limit that protocol. A single policer cannot be shared across multiple protocols. For example, if a single policer is configured in the service and there are four protocols configured to use it, four policer instances are allocated (that is, eight CAM entries are used for identifying the protocol and four meters are allocated).
The rates enforced by centralized CPU protection are also enforced for protocols configured for DCP. That is, DCP allows users to enforce rates per service object to be below the system-defined rate of the centralized CPU protection. Therefore, it prevents customer traffic from affecting other customer traffic.