xStack
®
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch
121
Figure 5 - 1. Safeguard Engine example
For every consecutive checking interval that reveals a packet flooding issue, the Switch will double the time it will discard ingress
ARP and IP broadcast packets and packets from untrusted IP a ddresses. In the example above, the Switch doubled the time for
dropping A RP and IP broadcast p ackets when con secutive flooding issues w ere detected at 5-second in tervals. (First sto p = 5
seconds, second stop = 10 seconds, third stop = 20 seconds) Once the flooding is no longer detected, the wait period for dropping
ARP and IP broadcast packets will return to 5 seconds and the process will resume.
In Fuzzy mode, once the Safeguard Engine has entered the Exhausted mode, the Safeguard Engine will decrease the packet flow
by half. After retu rning to Normal mode, the packet flow will b e increased by 25 %. The switch will then return t o its in terval
checking and dynamically adjust the packet flow to avoid overload of the Switch.
NOTICE: When Safeguard Engine is enabled, the Switch will allot bandwidth to various
traffic flows (ARP, IP) using the FFP (Fast Filter Processor) metering table to control the
CPU utilization and limit traffic. This may limit the speed of routing traffic over the network.
Users can enable the Safeguard Engine or configure advanced Safeguard Engine settings for the Switch.
To view the following window, click Security > Safeguard Engine:
Figure 5 - 2. Safeguard Engine window
To enable the Safeguard Engine option, click the Enabled radio button next to Safeguard Engine State at the top of the window.
To configure the advanced settings for the Safeguard Engine, set the following parameters and click Apply.
To Next Page
Loading...
