Table of Contents
Advertisement
Security
directory specified as "cf1:\dir1\file1" will be transmitted to the SCP server as "cf1:dir1file1"
where the backslash escape characters are stripped by the SCP client system before
transmission. On systems where the client treats the backslash like an "escape" character, a
double backslash "\\" or the forward slash "/" can typically be used to properly delimit
directories and the filename.
Per Peer CPM Queuing
System-level security is crucial in service provider networks to address the increased threat of
Denial-of-Service (DoS) attacks.
Control Processor Module Queuing (CPMQ) implements separate hardware-based queues
which are allocated on a per-peer basis. CPMQ allocates a separate queue for each LDP and
BGP peer and ensures that each queue is served in a round-robin fashion. This mechanism
guarantees fair and "non-blocking" access to shared CPU resources across all peers. This
would ensure, for example, that an LDP-based DoS attack from a given peer would be
mitigated and compartmentalized so that not all CPU resources would be dedicated to the
otherwise overwhelming control traffic sent by that specific peer.
CPMQ, using the "per-peer-queuing" command, ensures that service levels would not (or only
partially be) impacted in case of an attack from a spoofed LDP or BGP peer IP address.
7950 SR OS System Management Guide
Page 47
Advertisement
Table of Contents
