Professional Documents
Culture Documents
Lets assume that a large number of packets are sent to CPU of a device. What will happen if
most of these packets are malicious attack packets? CPU usage will become high, what can
bring to services deterioration. In extreme cases it can lead the device to reboot. We can
minimize an impact of the attack on network services, providing the local attack defense
function. When such attack occurs, this function ensures non-stop service transmission.
o The device uses blacklists to filters invalid packets sent to the CPU
o The device limits the rate of packets sent to the CPU based on the protocol
type
o The device schedules packets sent to the CPU based on priorities of protocol
packets
o The device uniformly limits the rate of packets with the same priority sent to
the CPU and randomly discards the excess packets to protect the CPU
o ALP is enabled to protect HTTP, FTP and BGP sessions. Packets matching
characteristics of the sessions are sent at a high rate, thats why session-related
services are ensured.
Attack source tracing checks attack packets sent to the CPU and notifies the
administrator by sending logs or alarms so that the administrator can take measures to
defend against attacks.
Althouhg each device has the defult configuration of local attack defense policy, you can
change it every time you need.
Based on AR documentation:
auto-defend enable
auto-defend threshold threshold-value
Configuring a blacklist:
Configuring ALP:
Configuring the rate limit for all packets sent to the CPU: