
Zte ZXR10 ZSR V2 Series - Page 42

86 pages
ZXR10 ZSR V2 Series Router Product Description
40 ZTE Confidential & Proprietary
3.7.4.5 White list
If the user adds the VPN and IP address of a host to the firewall's white list, the
firewall will not perform IP scanning attack or port scanning attack detection on messages
sent by that host, and it will not dynamically add the host's IP address to the blacklist.
In addition, the user cannot add the host to the static blacklist.
After receiving a message, the device checks whether its source is on the white list. If
so, the device skips IP scanning attack detection, port scanning attack detection and the
generation of a dynamic blacklist entry for this source IP address. Other security
filtering must still be applied to keep the firewall safe, e.g. ACL packet filtering, SFW,
traffic statistics and monitoring. The user can configure the aging time of the white
list. White list information can be imported from and exported to files.
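The check order described above, as an added Python sketch; it is not ZTE's code and not taken from the manual. The class and method names, the distinct-port scan threshold, aging measured from entry creation, skipping blacklist lookups for white-listed sources, and a port-based ACL standing in for the other filters are all assumptions made for illustration.

```python
class ScanGuard:
    """Toy model of the white list rules above; all names are hypothetical."""

    def __init__(self, scan_threshold=3, whitelist_aging=300.0, acl_deny_ports=(23,)):
        self.scan_threshold = scan_threshold    # distinct ports that count as a scan (assumed)
        self.whitelist_aging = whitelist_aging  # seconds an entry lives (assumed: from creation)
        self.acl_deny_ports = set(acl_deny_ports)
        self.whitelist = {}                     # (vpn, ip) -> expiry time
        self.static_blacklist = set()
        self.dynamic_blacklist = set()
        self.ports_seen = {}                    # (vpn, ip) -> destination ports probed

    def add_whitelist(self, vpn, ip, now):
        self.whitelist[(vpn, ip)] = now + self.whitelist_aging

    def is_whitelisted(self, vpn, ip, now):
        expiry = self.whitelist.get((vpn, ip))
        if expiry is not None and now >= expiry:
            del self.whitelist[(vpn, ip)]       # entry aged out
            return False
        return expiry is not None

    def add_static_blacklist(self, vpn, ip, now):
        if self.is_whitelisted(vpn, ip, now):
            return False                        # white-listed hosts cannot be statically blacklisted
        self.static_blacklist.add((vpn, ip))
        return True

    def handle(self, vpn, ip, dst_port, now):
        src = (vpn, ip)
        if not self.is_whitelisted(vpn, ip, now):
            if src in self.static_blacklist or src in self.dynamic_blacklist:
                return "drop:blacklist"
            ports = self.ports_seen.setdefault(src, set())
            ports.add(dst_port)
            if len(ports) >= self.scan_threshold:
                self.dynamic_blacklist.add(src)  # scan detected: blacklist the source
                return "drop:port-scan"
        if dst_port in self.acl_deny_ports:      # ACL filtering applies to every source
            return "drop:acl"
        return "forward"


if __name__ == "__main__":
    guard = ScanGuard(whitelist_aging=60.0)
    guard.add_whitelist("vpn-a", "192.0.2.10", now=0.0)    # constructed sample host
    for t, port in enumerate((80, 443, 8080, 23, 22)):
        print(port, guard.handle("vpn-a", "192.0.2.10", port, now=float(t)))
    for t, port in enumerate((80, 443, 8080), start=100):  # same host after aging
        print(port, guard.handle("vpn-a", "192.0.2.10", port, now=float(t)))
```

The second loop shows why the aging time matters operationally: once the entry expires, the same host is subject to scan detection and dynamic blacklisting again.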
3.7.4.6 Anti-DDoS attack
Network environments are becoming more and more complicated. The control layer
processor of a router is the core component that handles the various complicated
protocol data packets, and it commonly suffers from broadcast storms, PING flooding and
TCP SYN flooding attacks. To keep such attacks from affecting the CPU or causing service
abnormality, pauses or interruption, ZXR10 ZSR V2 implements a flexible and complete
flow control mechanism for the traffic that enters the control layer:
- The flow transmitted upwards to the CPU is divided into multiple queues with
  priorities, to guarantee that important protocol packets such as BGP and OSPF, as
  well as user-customized data packets, are transmitted upwards and processed with
  priority. Each queue has different threshold values for different packet types.
- It supports CAR rate limiting of the flow transmitted upwards based on physical
  ingress.
- It supports CAR rate limiting of customized packets based on source destination +
  protocol type + TCP/UDP port number + CAR rate limit of physical ingress
  number.
- It supports configuring the number of transmissions per second and the
  transmission priority as a particular rule.