No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

AR500, AR510, AR531, AR550, AR1500, and AR2500 Security Hardening And Maintenance Guide

This document provides guidance for strengthening network and device security in terms of network security risks, security architecture, and security hardening policies. It also provides guidance for routine maintenance of device security in terms of the management, control, and forwarding planes.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
CPCAR Overview and Configuration Guide

CPCAR Overview and Configuration Guide

Attack defense involves classifying uplink packets and controlling the bandwidth, priority, length of CPCAR packets, and total uplink bandwidth, and thereby limiting the number of uplink packets. This ensures that services with higher priorities are forwarded first. In addition, CPU overload is prevented and an alarm is generated when an attack occurs.

Currently, services are negatively affected when the CPU is attacked because of the following reasons:

  • Valid protocol packets are not distinguished from invalid protocol packets. The CPU is busy in processing a large number of invalid protocol packets. Consequently, the CPU usage rises sharply and valid packets cannot be processed properly.

  • Packets of some protocols are sent to the CPU through the same channel. When loopback occurs on a certain type of protocol packets, the channel is blocked, affecting the transmission of other protocol packets.

  • The bandwidth of a channel is not set appropriately. When an attack occurs, processing of protocol packets on other channels is affected.

CPCAR can be used with the blacklist. A blacklist is a set of unauthorized users. The device adds users with the specific characteristic into a blacklist and discards the packets from the users in the blacklist. The device can use ACLs to configure blacklists.

Translation
Download
Updated: 2019-05-06

Document ID: EDOC1000097300

Views: 4777

Downloads: 72

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next