ZXR10M6000&T8000&8900ESecurityTarget
ControlPlane
Thecontrolplanereceivescongurationcommands,protocolinformationandkeep-alive
packetsfromotherplanestoimplementsthefollowingfunctions:
lCongurationofcommandparameter,displayingstatisticsandstatusinformation.
lLocalauthentication,RADIUSauthenticationandTACACS+authentication
lAuditloggingandSNMPtrappingandpreciseclocksynchronization
lGenerationofvarietyofcongurationitemssuchasroutingtables,IPandMAC
bindingtable,ACLtable,etc.
lImportantprotocolssuchasBGPv4/RIPv2/IS-IS/OSPFv2supportsvariety
ofauthenticationmethods(noauthentication,cleartextauthentication,MD5
authentication),.
Controlplanesendsprotocolpacketandtableentriestotheotherplane.
ForwardingPlane
Theforwardingplaneforwardstheuserdata,receivesprotocolpackets,keep-alive
packetsandcongurationtableentriesfromotherplanes.Theprotocolinformationand
keep-alivepacketaresenttothenetworkaccordingtotheirpriorities.TopreventIP
addresstheftfromleased-lineusers,theleased-lineIPaddressesareboundtospecic
MACaddresses.TorestricttheunknownuserstoaccesstheTOE,theACLisassigned
tothenetworkinterface.ByspecifyingtheURPFtotheimportingnetworkinterface
andcheckingtheconsistencyofthesourceroutingaddressandtheincominginterface,
TheTOEcanpreventIPspoongattacks.TopreventDoSattacks,theTOElimitsthe
up-sendingow,thetrafctocontrolplane,ratetoprotecttheCPUwhenthedataow
exceedingtheconguredthreshold,theexceededtrafcwillbedropped.ThentheTOE
dispatchesincomingpacketstocontrolplane.
Theforwardingplanealsoprovidesstatisticalinformationtotheotherplane.
1.4.1Physicalscope
TheTOEconsistsof:
laM6000seriesSR
laT8000seriesCR
la8900EseriesESS
lacopyofZXROSNGV1.00.20:locatedonacompactashcard/disk,whichcanbe
insertedintheSR/CR/ESSandisshippedwiththeSR/CR/ESS.Thecompleteversion
informationofZXROSNGV1.00.20areasfollows:
1-6
SJ-20110815105844-030|2011/08/19(R1.6)ZTECORPORATION
To Next Page
Loading...
