No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE40E V800R010C10SPC500 Feature Description - Security 01

This is NE40E V800R010C10SPC500 Feature Description - Security
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Application of BGP Flow Specification on a Network with Multiple Ingresses

Application of BGP Flow Specification on a Network with Multiple Ingresses

This section describes the application of BGP Flow Specification on a Network with Multiple Ingresses.

In the example in Figure 4-9, attack traffic may flow to AS200 through Device C and Device D, posing a threat to AS200.

Figure 4-9 Deploying BGP Flow Specification with Flow RR

In this situation, BGP Flow Specification must be deployed (the following description uses dynamic BGP Flow Specification as an example). A BGP Flow route reflector (Flow RR) must also be deployed to reduce the number of BGP Flow Specification peer relationships maintained on the traffic analysis server and to save CPU resources.

A Flow RR reflects, or propagates, the BGP Flow Specification route. The traffic analysis server establishes a BGP Flow Specification peer relationship only with the Flow RR, and the Flow RR establishes a BGP Flow Specification peer relationship with Device C and Device D. The Flow RR considers the traffic analysis server, Device C, and Device D to be its clients.

If the server detects abnormal traffic, it generates a BGP Flow Specification route and sends the route to the Flow RR. The Flow RR then reflects the route to Device C and Device D to filter out or control attack traffic.

NOTE:
  • Because one BGP RR supports a great many of peers, using Flow Specification together with a BGP Flow RR provides extensibility.

  • A Flow RR can be a device that has been configured as an ordinary RR or another device.

Translation
Download
Updated: 2019-01-03

Document ID: EDOC1100055047

Views: 12511

Downloads: 29

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next