No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE40E V800R010C10SPC500 Feature Description - Security 01

This is NE40E V800R010C10SPC500 Feature Description - Security
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Principles of BGP VPNv6 Flow Specification

Principles of BGP VPNv6 Flow Specification

Dynamic BGP VPNv6 Flow Specification

To deploy dynamic BGP VPNv6 Flow Specification, a traffic analysis server is required, and a BGP VPNv6 Flow Specification IBGP peer relationship must be established between the traffic analysis server and each ingress PE. As shown in Figure 4-7, the working process of dynamic BGP VPNv6 Flow Specification includes the following steps:
  1. PE2 and PE3 sample traffic and send sampled traffic to the traffic analysis server.
  2. The server checks the sampled traffic based on pre-configured rules to identify attack traffic.
  3. The traffic analysis server generates a BGP VPNv6 Flow Specification route based on the characteristics of the attack traffic and sends the route carrying traffic filtering rules to PE1 through the BGP VPNv6 Flow Specification IBGP connection.
  4. Upon receipt of the route, PE1 crosses it to VPNA and generates a traffic control policy based on the route to control traffic matching the filtering rules.
Figure 4-7 Operating mode of dynamic BGP VPNv6 Flow Specification

Static BGP VPNv6 Flow Specification

To deploy static BGP VPNv6 Flow Specification, a BGP VPN IPv6 Flow Specification route needs to be created manually on PE3 based on the characteristics of common attack traffic. After the BGP Flow-VPNv6 address family is enabled, PE3 generates a BGP VPNv6 Flow Specification route. Then a BGP VPNv6 Flow Specification IBGP peer relationship must be established between PE3 and the ingress PE (PE1) to transmit the BGP VPNv6 Flow Specification route. As shown in Figure 4-8, the working process of static BGP VPNv6 Flow Specification includes the following steps:
  1. A BGP VPNv6 Flow Specification route is created manually on PE3, and a filtering rule and traffic control action are configured based on the characteristics of the attack traffic.
  2. The BGP VPNv6 Flow Specification route is advertised to PE1 through the BGP VPNv6 Flow Specification IBGP connection.
  3. Upon receipt of the route, PE1 crosses it to VPNA and generates a traffic control policy based on the route to control traffic matching the filtering rules.
Figure 4-8 Operating mode of static BGP VPNv6 Flow Specification

Translation
Download
Updated: 2019-01-03

Document ID: EDOC1100055047

Views: 14028

Downloads: 34

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next