This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Enterprise
Community Forums Switches
CPU defend

CPU defend

Latest reply: Sep 28, 2018 18:20:41 742 2 0 0
display all floors #1

This post refers to CPU defend. Please have a look at the information displayed below.

Function

The cpu-defend policy command creates an attack defense policy and displays the attack defense policy view.


The undo cpu-defend policy command deletes an attack defense policy.


By default, the default attack defense policy exists on the device and is applied to the device.

The default attack defense policy cannot be deleted or modified.

 

 

Usage scenario


A large number of packets including attack packets are sent to the CPU on a network. If excess packets are sent to the CPU, its usage becomes high and its performance deteriorates.


The attack packets affect services and may even cause system breakdown. To solve the problem, create an attack defense policy and configure CPU attack defense and attack source tracing in the attack defense policy.

 

Precautions


The device supports a maximum of 13 attack defense policies, including the default attack defense policy. The default attack defense policy is generated in the system by default and is applied to the device.


The default attack defense policy cannot be deleted or modified. The other 12 policies can be created, modified, and deleted.

 

# Create an attack defense policy named test.

<HUAWEI> system-view
[HUAWEI] cpu-defend policy test
[HUAWEI-cpu-defend-policy-test]

 

cpu-defend trap drop-packet

Usage scenario


To protect the CPU, a switch limits the rate of protocol packets sent to the CPU based on the CPCAR. If the rate of protocol packets exceeds the CPCAR, excess protocol packets are dropped, which may affect the corresponding service. To quickly detect packet loss caused by exceeding the CPCAR, you can use this command to enable alarm reporting for this event. After this function is enabled, the switch checks at 10-minute intervals for packet loss caused by CPCAR. If the switch finds that the number of dropped packets of a protocol increases, the switch reports a packet loss alarm.

 

Example


# Enable alarm reporting for packet loss caused by CPCAR exceeding.

<HUAWEI> system-view
[HUAWEI] cpu-defend trap drop-packet

 

 

Checking whether network attacks exist

 

Run the display cpu-defend statistics command to check statistics about packets sent to the CPU.


According to the statistics, determine whether many protocol packets have been discarded because the CPU is too busy to process them. Then, run the reset cpu-defend statistics command to clear the statistics. After several seconds, run the display cpu-defend statistics command again to re-check the statistics.

 

If packets of a protocol are numerous, determine whether this is a normal phenomenon based on the networking. If this is abnormal, a protocol packet attack occurs.

 

<HUAWEI> reset cpu-defend statistics
<HUAWEI> display cpu-defend statistics all
Statistics on slot 2:
-----------------------------------------------------------------------------------------------------------
Packet Type         Pass(Bytes)  Drop(Bytes)   Pass(Packets)   Drop(Packets)
-----------------------------------------------------------------------------------------------------------
arp-miss            0            0             0               0
arp-request         40800        35768         600             52600
bgp                 0            0             0               0
......
---------------------------------------------------------------------------

 

If the live network has no possibility to produce so many ARP request packets, the switch is under an ARP attack.


If the switch has a high CPU usage, do not increase the CPCAR value. Instead, find out the attack source.



{:9_417:}


  • x
  • convention:

Helpful (0) Favorite(0) Share Report
RubenMonroy
Created Sep 28, 2018 16:57:38 Helpful(0) Helpful(0)

Thanks a for sharing, the post is very clear and useful
  • x
  • convention:
faysalji
Created Sep 28, 2018 18:20:41 Helpful(0) Helpful(0)

Good share mateCPU defend-2764587-1
  • x
  • convention:
If you think my post/reply is useful, please click the Helpful button and flag my post as a BEST ANSWER. Thanks
Back to list

Reply

Reply
Advanced
B Color Image Link Quote Code Smilies
You need to log in to reply to the post Login | Register

Notice Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!
Login and enjoy all the member benefits

Login and enjoy all the member benefits

Login
Huawei Website Support About Huawei Privacy Terms of Use
Huawei Enterprise Huawei Carrier Forum Training & Certification

Copyright © 2019 Huawei Technologies Co., Ltd. All rights reserved.

APP