Other Security Features
34 7705 SAR OS System Management Guide
IPv4 CSM filters drop or accept incoming packets based on the following match criteria:
• DSCP name
• destination IP address
• destination port
• fragmentation
•ICMP code
•ICMP type
• IP option value
• multiple options
• option present
• source IP address
• source port
•TCP ACK
•TCP SYN
IPv6 CSM filters drop or accept incoming packets based on the following match criteria:
• DSCP name
• destination IP address
• destination port
•ICMP code
•ICMP type
• source IP address
• source port
•TCP ACK
•TCP SYN
To avoid DoS-like attacks overwhelming the control plane while ensuring that critical control
traffic such as signaling is always serviced in a timely manner, the 7705 SAR has three queues
(High, Low, and Ftp) for handling packets addressed to the CSM:
• High – handles all important messaging, such as network management and signaling
links
• Low – handles lower-importance messages, such as pings
• Ftp – handles bulk file transfers, such as new software image downloads
These queues are fixed use (each queue handles a certain type of traffic, which is not
user-configurable) and fixed configuration (each queue is configured for particular rates and
buffering capacity and is not user-configurable).
To Next Page
Loading...
