
Dasan V5808 - Attack Guard

Dasan V5808
814 pages
UMN:CLI User Manual
V5808
390
10G Port | 1,250,000,000 | 14,880,952 | 823,451
The invalid traffic guard function is configured with a threshold rate (%) that is based on
the pps of the Ethernet port's maximum bandwidth.
Function | Frame size for PPS calculation | Packet types counted | Threshold rate (%) based on PPS
Attack-guard | 64-byte | Multicast, Unicast, Broadcast | 1G port: 100% (=1,488,095 pps); 10G port: 100% (=14,880,952 pps); Default: High-80%, Low-20%
Error-guard | 64-byte | Error packets | 1G port: 100% (=1,488,095 pps); 10G port: 100% (=14,880,952 pps); Default: 1%
To generate an SNMP trap for invalid traffic guard (attack/error), the SNMP trap mode should
be alarm-report mode.
8.9.4.1 Attack Guard
A packet storm may occur unexpectedly if a large number of broadcast, unicast, or
multicast packets are received on a port. Forwarding these packets can cause the
network to slow down or time out. The V5808 provides the attack guard function, which
controls traffic on a specified port by a threshold value. The attack guard threshold rate (%)
is based on the number of packets per second (pps), calculated with a 64-byte frame size.
When the attack guard function is enabled on a port and the number of incoming packets
exceeds the given threshold, the system can shut down the port or generate SNMP trap
messages as a warning. If the rate comes down to the given low threshold, it generates
traps. You can specify the packet type, a high threshold value, and a low threshold value
for a port.
To enable/disable the attack guard function, use the following command.
Command: attack-guard {broadcast | multicast | unicast} <0-100> <0-100> [PORTS]
Mode: Bridge
Description: Enables the attack guard function according to its packet type and sets the threshold.
  PORTS: port number
  0-100: high rate threshold percent (default: 80%)
  0-100: low rate threshold percent (default: 20%)

Command: no attack-guard {broadcast | multicast | unicast} [PORTS]
Mode: Bridge
Description: Disables the attack guard function.
If the high threshold is set to 85% for a 1G Ethernet port, the V5808 monitors the number of
packets of the configured type. When the number of those packets exceeds 1,264,880 pps
(=1,488,095 * 0.85), the shutdown/trap action is performed.
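The threshold arithmetic above, worked through as an added example (not code from the manual or the V5808 firmware). It converts a percentage into pps using the 64-byte frame basis and replays constructed per-second counters against a high/low pair. The 20 bytes of preamble and inter-frame gap are standard Ethernet overhead, and the event model (high fires above the threshold, low fires once when the rate falls to the low threshold or below) is an assumption drawn from the description in this section.

```python
# Added example: a model of the attack-guard thresholds, not device firmware.
ETH_OVERHEAD_BYTES = 8 + 12   # preamble/SFD + inter-frame gap (standard Ethernet)
FRAME_BYTES = 64              # frame size the manual uses for the pps calculation

def max_pps(link_bps, frame_bytes=FRAME_BYTES):
    """Maximum frames per second on a link for the given frame size."""
    return link_bps // ((frame_bytes + ETH_OVERHEAD_BYTES) * 8)

def threshold_pps(link_bps, percent):
    """Convert a threshold percentage (0-100) into packets per second."""
    if not 0 <= percent <= 100:
        raise ValueError("threshold percent must be 0-100")
    return max_pps(link_bps) * percent // 100

def evaluate(samples, link_bps, high=80, low=20):
    """Return (second, event, pps) tuples for per-second packet counts.

    Assumed model: "high" fires when pps exceeds the high threshold;
    "low" fires once when an alarmed port drops to the low threshold or below.
    """
    if low > high:
        raise ValueError("low threshold must not exceed high threshold")
    high_pps = threshold_pps(link_bps, high)
    low_pps = threshold_pps(link_bps, low)
    events, alarmed = [], False
    for second, pps in enumerate(samples):
        if not alarmed and pps > high_pps:
            alarmed = True
            events.append((second, "high", pps))
        elif alarmed and pps <= low_pps:
            alarmed = False
            events.append((second, "low", pps))
    return events

# Constructed per-second broadcast counts for a 1G port (sample data).
SAMPLE = [50_000, 900_000, 1_264_880, 1_300_000, 1_400_000,
          600_000, 250_000, 40_000]

if __name__ == "__main__":
    print("1G at 85%:", threshold_pps(10**9, 85), "pps")
    for second, event, pps in evaluate(SAMPLE, 10**9, high=85, low=20):
        print(f"t={second}s {event} threshold crossed at {pps} pps")
```

The sample at exactly 1,264,880 pps does not fire because the manual says the count must exceed the threshold.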
To determine the policy to take action when the incoming broadcast/multicast/unicast
