Starting from Cisco SD-WAN Release 20.9.1, you can configure to throttle the Elephant Flow (EF) traffic on vEdge2k devices. The traffic flow from both the directions is considered to be the same flow, and is not dependent on the direction. Any flow above the configured rate-threshold in KPPS (Kilo Packets Per Second) is considered as an elephant flow.

You can configure to throttle the elephant flow traffic, when the following conditions occur:

• If the application's performance (voice/video calls/MS Teams) is reduced due to EF.

• If latency has increased due to EF.

Enable EF throttling to:

• Track packet rate for each flow.

• Identify Elephant flows based on the packets per second for the flows.

• Drop packets of the elephant flow, if the CPU utilization and queue threshold exceed the default or configured threshold value.

When a CPU is fully loaded and the input rate exceeds the processing rate, the packet queue builds up, as a result, there is an increase in latency. As the queued up packets become head of line, they block other packets, causing significant latency in other flows that other CPUs must process. As a part of this feature, we identify such elephant flows and drop the packets without processing them, freeing up space for other packets to be processed faster. When this feature is enabled, the elephant flow packets are dropped (whenever there is CPU overload or packet queue builds up) to keep the rest of the flows from being congested.

• Only vEdge2k devices are supported.

• If configured, packet loss is expected for the elephant flows.

• In Cisco SD-WAN Release 20.6.x and later releases, NAT is disabled globally on the router when you execute unpinning of the flows.

For more information about using CLI templates, see CLI Templates.

Note	By default, CLI templates execute commands in global config mode.

This section provides example CLI configurations to configure elephant flow throttling using a CLI template for Cisco vEdge2k devices:

1. Configure elephant flow in policy mode:

   
   vEdge2k# config terminal 
   vEdge2k(config)# policy 
   vEdge2k(config-policy)# elephant-flow 
   vEdge2k(policy-elephant-flow)# 

2. Enable elephant flow throttling configurations for Cisco vEdge2k:

   vEdge2k(policy-elephant-flow)# enable 

3. Specify a rate in Kilo Packets Per Second (KPPS) above which flow is considered as elephant flow:

   
   vEdge2k(policy-elephant-flow)# rate-threshold value 
   

4. Specify elephant flow queue depth threshold to drop packets:

   
   vEdge2k(policy-elephant-flow)# queue-depth threshold-value 
   

5. Specify the maximum allowed queue depth to start dropping packets of all flows:

   
   vEdge2k(policy-elephant-flow)# max-queue-depth depth 
   

6. Define scope for eflow direction.

   
   vEdge2k(policy-elephant-flow)# custom-eflow 
   

   1. Specify list of sequences. A maximum of eight custom-eflow sequences can be configured. If custom-eflow sequences are not configured, any flow which has more packet rate than elephant-flow-rate-threshold is considered as elephant flow.

      
      vEdge2k(policy-custom-eflow)# sequence sequence-value 
      

   2. Specify match criteria. Even if a single custom-eflow sequence is configured, only flows matching the custom-eflow sequences will be considered as elephant flow. Configure atleast one custom-eflow sequence to consider the matching flow as elephant flow. In the custom-eflow sequences, the match conditions can contain any combination of client-ip/server-ip/protocol. Protocol can be UDP or TCP. Client-IP, and Server-IP can be the required client/server subnet.

      
      vEdge2k(config-sequence-sequence-value)# match
      [client-ip IPv4 prefix (IP/length)][server-ip IPv4 prefix (IP/length)]
      [protocol TCP | UDP] 
      

Here's the complete configuration example for elephant flow:

config terminal
policy
!
 elephant-flow
!
  enable
  max-queue-depth 25000
  queue-depth 200
  rate-threshold 20
  custom-eflow
!
   sequence 1
!
    match
!
      protocol TCP
      client-ip 10.2.3.0/24
      server-ip 10.2.4.0/24

The following is a sample output from the show policy ef-stats command:

vEdge2k# show policy ef-stats
                           ADD
      ADD    DEL    CUR    SUPER                                                      CUR
CORE  SUPER  SUPER  SUPER  BLOCK   ADD   DEL   CUR   SCAN     EF   CUSTOM  HASH       CPU
NUM   BLOCK  BLOCK  BLOCK  FAILED  FLOW  FLOW  FLOW  COUNTER  NUM  MATCH   COLLISION  USAGE
---------------------------------------------------------------------------------------------
2     1      0      1      0       0     0     0     20523    0    0       0          00.04
3     1      0      1      0       1     0     1     20523    0    0       0          00.01
4     1      0      1      0       0     0     0     20523    0    0       0          00.00
5     1      0      1      0       0     0     0     20523    0    0       0          00.01
6     1      0      1      0       0     0     0     20523    0    0       0          00.01
7     1      0      1      0       0     0     0     20523    0    0       0          00.01
8     1      0      1      0       0     0     0     20523    0    0       0          00.02
9     1      0      1      0       1     0     1     20523    0    0       0          00.02
10    1      0      1      0       0     0     0     20523    0    0       0          00.01
11    1      0      1      0       0     0     0     20523    0    0       0          00.01
12    1      0      1      0       0     0     0     20523    0    0       0          00.00
13    1      0      1      0       1     0     1     20523    0    0       0          00.01
14    1      0      1      0       0     0     0     20523    0    0       0          00.01
15    1      0      1      0       0     0     0     20523    0    0       0          00.01
16    1      0      1      0       0     0     0     20523    0    0       0          00.02
17    1      0      1      0       0     0     0     20523    0    0       0          00.00
18    1      0      1      0       0     0     0     20523    0    0       0          00.01
19    1      0      1      0       0     0     0     20523    0    0       0          00.01
20    1      0      1      0       0     0     0     20523    0    0       0          00.01

The following is a sample output from the show running-config policy elephant-flow command:

vEdge2k# show running-config policy elephant-flow
policy
 elephant-flow
  enable
  max-queue-depth 25000
  queue-depth 200
  rate-threshold 20
  custom-eflow
   sequence 1
    match
     protocol TCP
     client-ip 1.2.3.0/24
     server-ip 1.2.4.0/24
    !
   !
  !
 !
!