Cpu Attack Protection Principle; Configuring Cpu Attack Protection; Configuring Ipv4 Protocol Protection - Zte ZXR10 8900 Series User Manual
10 gigabit routing switch
Hide thumbs
Also See for ZXR10 8900 Series:
- Command manual (177 pages) ,
- User manual (160 pages) ,
- Command reference manual (147 pages)
Table of Contents
Advertisement
ZXR10 8900 Series User Manual (Basic Configuration Volume)
protocol packets attacking CPU. When such alarm appears, disable
protocol protection function to protect CPU from being attacked.
Note:
After protocol protection functions of SNMP and RADIUS are dis-
abled, they are not affected and work normally.
For IPv4 and IPv6 protocols, there is a threshold value. By default,
the threshold value is 3000, that is, system allows receiving 3000
messages of a protocol within 30 seconds. When there are more
than 3000 messages received, alarm appears. The threshold value
can be configured.
CPU Attack Protection
Principle
Protocol protection is to protect the CPU of a switch. If CPU is at-
tacked by many protocol messages, CPU usage ratio will increase.
When protocol messages are sent to CPU at a high speed, protocol
protection module will count the protocol messages of each type.
Controlled by a timer, the number of protocol messages sent to
CPU during a cycle is compared with a configured threshold value.
For example, the number of protocol messages sent to CPU within
30 seconds is bigger than the configured threshold value, system
sends a piece of alarm information in format of "Receive too many
packets of 'protocol message type' from port 'port number'". This
indicates the user that there may be attack of some type of proto-
col message on a port. If the user considers this is an attack, the
user can disable this type of protocol protection. Therefore, this
type of protocol messages can not be sent to switch platform and
can not attack CPU anu more. When the user considers that the
attack stops, the user can enable protocol protection again and
normal messages of this protocol can be sent to CPU to be pro-
cessed.
Configuring CPU Attack
Protection
Configuring IPv4 Protocol Protection
IPv4 and IPv6 protocol protection is configured in interface config-
uration mode. So it modifies this function of physical interfaces.
To configure IPv4 protocol protection, perform the following steps.
152
Confidential and Proprietary Information of ZTE CORPORATION
- Quick Links:
- Configuring Telnet Connection
Hide quick links:
Advertisement
Table of Contents
Need help?
Do you have a question about the ZXR10 8900 Series and is the answer not in the manual?