HP ProCurve 9304M Security Manual page 143

Routing switches

Hide thumbs Also See for ProCurve 9304M:

Management and configuration manual (690 pages)

Installation and configuration manual (504 pages)

Installation and getting started manual (348 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

page of 172

/ 172
Contents
Table of Contents
Bookmarks

Table of Contents

Overview

The CPU protection feature enhances the efficiency of an HP device's CPU and Content Addressable Memory

(CAM).

Some denial of service attacks make use of spoofed IP addresses. If the device must create CAM entries for a

large number of spoofed IP addresses over a short period of time, it requires excessive CAM utilization. Similarly,

if an improperly configured host on the network sends out a large number of packets that are normally processed

by the CPU (for example, DNS requests), it requires excessive CPU utilization.

The CPU protection feature allows you to configure the HP device to automatically take actions when thresholds

related to high CPU or CAM usage are exceeded.

NOTE: The CPU protection feature is supported on the following devices, starting with software release 07.7.00:

•

9300 series Routing Switches with Standard or EP management modules

The CPU protection feature is disabled by default.

How the CPU Protection Feature Works

The CPU protection feature uses the concepts of normal mode and exhausted mode. The device transitions

from normal mode to exhausted mode when specified thresholds for conditions related to high CPU usage and

CAM usage are exceeded. When the device enters exhausted mode, actions can be taken to reduce the strain

on system resources. You can define the conditions that cause the device to enter exhausted mode, the actions to

take while the device is in exhausted mode, and the conditions that enable the device to go back to normal mode.

For example, you can specify that a CPU usage percentage of 90% is a condition that will cause the device to go

from normal mode to exhausted mode. When the device enters exhausted mode, you can specify that the action

to take is to forward unknown unicast traffic in hardware instead of sending it to the CPU. You can further specify

that a CPU usage percentage of 80% will cause the device to go back to normal mode.

Conditions

You can define thresholds for the following conditions:

•

CPU utilization percentage

•

Layer 2, Layer 3, and Layer 4 CAM usage percentage

For each of these conditions, you can define two threshold values, a declaring watermark and a clearing

watermark. When the device is in normal mode, and a condition surpasses its declaring watermark, the device

June 2005

Configuring CPU Protection

Chapter 8

8 - 1

Table of Contents

This manual is also suitable for:

J4139aProcurve 9308mJ4874a Procurve 9408sl J4138a J8680a ... Show all

HP ProCurve 9304M Security Manual page 143

Related Manuals for HP ProCurve 9304M

Related Products for HP ProCurve 9304M

This manual is also suitable for:

Table of Contents