NE40E V800R010C10SPC500 Feature Description - Security 01

Understanding MPAC

On the Internet service provider (ISP) network shown in Figure 18-1, user-side interfaces on a local device receive a large number of packets that must be forwarded to the CPU. Some of these packets are attempts to attack the CPU.

Figure 18-1 MPAC networking

Attack packets destined for the CPU on a device pose the following threats to the device:

  • A great number of packets sent to the CPU are likely to cause a sharp spike in CPU usage. If the CPU is overloaded, device performance deteriorates, and service interruptions may occur.
  • Malicious packets allowed to reach the CPU consume resources, which causes a service interruption or even a system crash.

To prevent CPU resource exhaustion and keep the network operating properly, configure an MPAC policy on sub-interfaces, physical interfaces, and the entire device. The rules in the policy determine whether protocol-specific packets with the specified source and destination addresses can be sent to the service module.

  • If packets match a rule and the behavior in the rule is "permit", the packets are sent to the service module for processing.
  • If packets match a rule and the behavior in the rule is "deny", the packets are discarded.
  • If packets do not match rules in the policy, the packets are sent to the service module for processing.
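
The three outcomes above, modeled as an added Python example (not Huawei code and not VRP configuration syntax). It assumes rules are checked in list order with the first match deciding, which this page does not state; the addresses, protocol labels and function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    action: str                        # "permit" or "deny"
    protocol: str                      # model label such as "bgp", or "any"
    src: ipaddress.IPv4Network = ANY   # source prefix to match
    dst: ipaddress.IPv4Network = ANY   # destination prefix to match

    def matches(self, protocol, src_ip, dst_ip):
        return (self.protocol in ("any", protocol)
                and ipaddress.ip_address(src_ip) in self.src
                and ipaddress.ip_address(dst_ip) in self.dst)

def evaluate(policy, protocol, src_ip, dst_ip):
    """Return 'service-module' or 'discard' for one CPU-bound packet."""
    for rule in policy:                # assumption: first matching rule decides
        if rule.matches(protocol, src_ip, dst_ip):
            return "service-module" if rule.action == "permit" else "discard"
    return "service-module"            # no rule matched: packet is still delivered

def implicit_passes(policy, packets):
    """Packets that reach the service module only because no rule matched."""
    return [p for p in packets if not any(r.matches(*p) for r in policy)]

# Constructed sample data (documentation address ranges).
ROUTER = ipaddress.ip_network("192.0.2.1/32")
ALLOW_ONLY = [
    Rule("permit", "bgp", ipaddress.ip_network("198.51.100.0/30"), ROUTER),
    Rule("permit", "ssh", ipaddress.ip_network("10.0.0.0/24"), ROUTER),
]
HARDENED = ALLOW_ONLY + [Rule("deny", "any")]   # explicit catch-all deny

PACKETS = [
    ("bgp", "198.51.100.2", "192.0.2.1"),     # expected peer
    ("ssh", "10.0.0.5", "192.0.2.1"),         # management host
    ("ssh", "203.0.113.9", "192.0.2.1"),      # unknown source
    ("telnet", "203.0.113.9", "192.0.2.1"),   # protocol with no rule
]

if __name__ == "__main__":
    for name, policy in (("allow-only", ALLOW_ONLY), ("hardened", HARDENED)):
        for pkt in PACKETS:
            print(name, pkt, "->", evaluate(policy, *pkt))
        print(name, "implicit passes:", implicit_passes(policy, PACKETS))
```

Because unmatched packets are still delivered, a policy made up only of "permit" rules filters nothing in this model; the trailing catch-all "deny" is what turns it into an allowlist.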

Figure 18-2 demonstrates how an MPAC-capable device processes packets. You can define rules in an MPAC policy to meet site-specific requirements.

Figure 18-2 Packet processing
Updated: 2019-01-03

Document ID: EDOC1100055047
