Zte ZXR10 8900 Series - Configuring IPFIX

To Next Page

To Previous Page

Chapter16

CPUAttackProtection

Configuration

TableofContents

CPUAttackProtectionOverview.........................................151

CPUAttackProtectionPrinciple..........................................152

ConguringCPUAttackProtection......................................152

CPUAttackProtectionCongurationExamples.....................154

CPUAttackProtection

Overview

WideuseofInternetandIPtechnologyarebringinggreatchanges

totheworld.WithgreatbenetsfromIPnetworkforlifeandwork,

thereisalsogreatlossduetoattacksinnetworkandcomputer

virusinvading.Inthepast,networkattackandvirusaimatPCs

andservers.Butnow,networkattackandvirusalsobegintoaim

atnetworkdevices,suchasswitchesandrouters.

Forswitch,itispossibletotakeprotectionmeasureaccordingto

knownorpredictablenetworkattackandvirus.Thismakesthe

switchhaveabilitytoprotectitselfandguaranteenetworksecurity.

CPUattackprotectionfunctionistomonitorupwardrateofpack-

ets.Whendiscoveringpacketswithabnormalupwardrate,sys-

temmakesalarm.Thispromptsnetworkmanagementthatthere

maybepacketsattackingCPU.Networkmanagementsystemde-

cideswhethertodiscardthiskindofpacketornotaccordingto

situations.Ornetworkmanagementsystemltersunreasonable

packets.

CPUAttack

Protection

WorkingPrinciple

IfIPv4orIPv6protocolprotectionfunctionisdisabled,somekind

ofprotocolpacketsarediscardedbybottomlayerdrivesdirectly.

Andsomekindofprotocolpacketsaretransmittedtoupwardby

bottomlayerdriveswithlowerpriorities.Whenthesepackets

reachMUXmodule,theyarediscarded,exceptSNMPpacketsand

RADIUSpackets.Soplatformisnotshocked.

IfIPv4orIPv6protocolprotectionfunctionisenabled,protocol

packetsaretransmittedtoplatformwithhighpriorities.When

protocolprotectionmodulediscoversthatsomekindofprotocol

packetsaretransmittedtoplatforminahighrate,themodule

makesalarm.Thiswarnsusersthattheremaybesomekindof

CondentialandProprietaryInformationofZTECORPORATION151

Other manuals for Zte ZXR10 8900 Series