Source switch: The switch where the monitored port resides. It forwards the
traffic to be mirrored at Layer 2 in the Remote-probe VLAN and sends it to an
intermediate switch or the destination switch.
Intermediate switch: A switch between the source switch and the destination
switch in the network. It transports the mirroring traffic to the next
intermediate switch or the destination switch via the Remote-probe VLAN. If the
source switch and destination switch are directly connected, there is no
intermediate switch.
Destination switch: The switch where the destination port for remote mirroring
resides. It forwards the mirroring traffic received from the Remote-probe VLAN
to the monitoring equipment via the mirroring destination port.
3.2.6 Global counter
The ZXR10 5250 has a unique global counter feature. The port and flow to be
monitored can be bound to a separate global counter. The specific flow is
selected by flow classification, for example a specific source IP and
destination IP. After binding, the global counter separately counts the packets
matching the flow.
The global counter gives carriers an effective way to monitor network traffic
status, down to a specific traffic flow of each user, and so offers more data
for network structure planning.
3.2.7 IP source guard
IP source guard is a policy control technology. Based on dynamic DHCP snooping
table entries or manual static table entries, it checks whether the IP+MAC of a
message is the same as the DHCP snooping table entry or manual static table
entry. If they are not the same, the message is judged illegal and is then
discarded or sent to the CPU.
3.2.8 Dynamic ARP Inspection (DAI)
ARP attacks are the most commonly seen attack means in the network. They take
two forms: one is to transmit a large number of ARP packets, beyond the normal
processing capability of the equipment, and break it down; the other is to
transmit faked ARP packets so that the equipment learns wrong table entries. The
packets of a normal user are then wrongly forwarded to the hacker who faked the
ARP packets, letting him obtain the user's private information.
The DAI service can effectively handle ARP attacks. After DAI is enabled, the
equipment can restrict the number of ARP packets sent by the port, which
guarantees adequate processing capability of the equipment. The DAI service can
also check the legality of a received ARP message against the user table entries
generated dynamically. When a received ARP message does not match the dynamic
user table entry of the port, the message is dropped to ensure the correctness
of the forwarding table entries.
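The two DAI checks described above (a per-port ARP limit and validation of the sender IP+MAC against the user table), modelled in Python as an added example; this is not ZTE code. The class and function names, the port names, the limit of 3 packets per second and the binding table contents are all assumptions made for illustration.

```python
import socket
import struct
from collections import defaultdict

ARP_FMT = "!HHBBH6s4s6s4s"            # Ethernet/IPv4 ARP payload (28 bytes)
ARP_LEN = struct.calcsize(ARP_FMT)

class ArpInspector:
    """Hypothetical model of DAI: rate limit per port, then binding check."""
    def __init__(self, bindings, rate_limit=3):
        self.bindings = bindings      # {(port, sender IP): sender MAC}
        self.rate_limit = rate_limit  # assumed value: ARP packets per port per second
        self.window = defaultdict(lambda: [-1, 0])  # port -> [second, count]

    def inspect(self, port, arp_bytes, now):
        """Return 'forward' or a drop reason for one ARP packet seen on port."""
        slot = self.window[port]
        if slot[0] != int(now):       # a new one-second window starts
            slot[:] = [int(now), 0]
        slot[1] += 1
        if slot[1] > self.rate_limit:
            return "drop:rate-limit"
        if len(arp_bytes) < ARP_LEN:
            return "drop:malformed"
        htype, ptype, hlen, plen, oper, sha, spa, _tha, _tpa = struct.unpack(
            ARP_FMT, arp_bytes[:ARP_LEN])
        if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or oper not in (1, 2):
            return "drop:malformed"
        # The sender IP must be bound to this port with exactly this sender MAC.
        if self.bindings.get((port, socket.inet_ntoa(spa))) != sha.hex(":"):
            return "drop:binding-mismatch"
        return "forward"

def build_arp(oper, sha, spa, tha="00:00:00:00:00:00", tpa="0.0.0.0"):
    """Build a constructed ARP payload for the demonstration."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, mac(sha),
                       socket.inet_aton(spa), mac(tha), socket.inet_aton(tpa))

# Constructed user table, as DHCP snooping would populate it.
BINDINGS = {("port1", "10.0.0.10"): "00:11:22:33:44:55"}

def demo():
    dai = ArpInspector(BINDINGS)
    legit = build_arp(2, "00:11:22:33:44:55", "10.0.0.10")
    faked = build_arp(2, "de:ad:be:ef:00:01", "10.0.0.10")  # bound IP, wrong MAC
    out = [dai.inspect("port1", legit, 0.0), dai.inspect("port1", faked, 0.1)]
    return out + [dai.inspect("port1", legit, 0.2 + i / 10) for i in range(3)]

if __name__ == "__main__":
    print(demo())
```

The same (port, IP) to MAC lookup is what IP source guard applies to data packets; here it is applied to the sender fields of the ARP message.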