Switch Anti-attack introduction Highlighted

Latest reply: Dec 27, 2018 15:46:44

Problem Background: At present, there are many hidden dangers in the network that may cause the control plane to be overloaded. For example, there are a lot of viruses or hacking tools in the network. These viruses or tools are waiting to attack network devices, which will cause network accidents. Among them, ARP and ICMP attacks are common. The principle of these tools or viruses is to monopolize the resources of the attack target or to spoof addresses, which causes the attack target's services to crash. If the switch responds to ICMP and ARP packets without restriction, the CPU usage will be high when it is attacked by a virus. In this case, the control plane signaling protocol may be interrupted, and even users' normal ARP requests will not be responded to. Being attacked by a virus thus causes service disruption.

Problem Description: CPCAR is one of the main security functions of the switch. It performs service refinement on the packets sent to the control plane, and applies speed limiting and queue scheduling respectively, to protect the security of the control plane.

The figure below is a schematic diagram of the current local anti-attack framework. The device is protected by hardware or software on the forwarding plane and the control plane respectively.



As can be seen from the figure, local anti-attack mainly has three levels of protection:


The first level: ACLs and other means identify the traffic that needs to be sent to the control plane and apply speed limiting or discard processing to it; this is implemented in ASIC hardware. The methods mainly include: CPCAR, blacklist, automatic penalty ACL, and traffic suppression.

The second level: various types of protocol packets are scheduled and shaped by means of queues; this is implemented in ASIC hardware. The methods mainly include: protocol queue adjustment, CPU port speed limit, and CPU queue speed limit (box type).

The third level: this level is in the control plane, where the RISC performs software processing, such as the software speed limit and anti-spoofing functions for various protocol messages; the attack source identification function in auto-defend is also at this level. The methods include: security of various protocols, ARP anti-spoofing, auto-defend attack source identification, and speed limiting.



Created Dec 24, 2018 09:44:38
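A small model of the first two protection levels described in the post (per-protocol CPCAR, then the aggregate CPU port limit), added here as an illustration; it is not part of the original post or of any vendor's code, and the policy values, protocol names, and traffic mix are assumptions. It shows why an ARP flood that would otherwise saturate the CPU is cut down to the committed rate while OSPF hellos keep getting through.

```python
from collections import defaultdict

# Constructed CPCAR-style policy (assumed values, not any vendor's defaults):
# protocol -> (committed rate in packets/s, burst size in packets).
CPCAR_POLICY = {"arp": (64, 128), "icmp": (32, 64), "ospf": (256, 512)}
CPU_PORT_RATE = 300  # assumed aggregate limit for the CPU port, packets/s

class TokenBucket:
    # Single-rate token bucket: every packet punted to the CPU costs one token.
    def __init__(self, rate, burst):
        self.rate, self.burst = float(rate), float(burst)
        self.tokens, self.last = self.burst, 0.0
    def allow(self, now):
        # Refill for the elapsed time, capped at the burst depth, then charge one token.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False

class ControlPlaneGuard:
    # Level 1: per-protocol CAR in hardware; level 2: aggregate CPU port limit.
    def __init__(self, policy=CPCAR_POLICY, cpu_port_rate=CPU_PORT_RATE):
        self.car = {p: TokenBucket(cir, cbs) for p, (cir, cbs) in policy.items()}
        self.cpu_port = TokenBucket(cpu_port_rate, cpu_port_rate)
        self.stats = defaultdict(lambda: {"passed": 0, "dropped": 0})

    def punt(self, proto, now):
        bucket = self.car.get(proto)
        # A protocol with no CAR entry is dropped outright (assumed default-deny).
        if bucket is None or not bucket.allow(now) or not self.cpu_port.allow(now):
            self.stats[proto]["dropped"] += 1
            return False
        self.stats[proto]["passed"] += 1
        return True

def simulate(packets, policy=CPCAR_POLICY, cpu_port_rate=CPU_PORT_RATE):
    # Feed (timestamp, protocol) pairs in arrival order; return per-protocol counters.
    guard = ControlPlaneGuard(policy, cpu_port_rate)
    for now, proto in packets:
        guard.punt(proto, now)
    return {p: dict(s) for p, s in guard.stats.items()}

def arp_flood_demo():
    # Constructed traffic: two 1000-packet ARP bursts a second apart, an ICMP burst, OSPF hellos.
    packets = ([(0.0, "arp")] * 1000 + [(0.0, "icmp")] * 100 + [(0.0, "ospf")] * 10
               + [(1.0, "arp")] * 1000 + [(1.0, "ospf")] * 10)
    return simulate(packets)
```

With these assumed values, the first ARP burst is cut to the 128-packet burst allowance, the second to the 64 tokens refilled in one second, and all 20 OSPF hellos pass.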

Switch anti-attack is very detailed. This post was last edited by xiaomumu at 2018-12-27 10:46.

Created Dec 27, 2018 15:46:44

"The methods mainly include: CPCAR, blacklist, automatic penalty ACL, and traffic suppression." How do you understand this sentence?