No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

ME60 V800R010C10SPC500 Configuration Guide - Security Hardening 01

This is ME60 V800R010C10SPC500 Configuration Guide - Security Hardening
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
CPU Protection by Using Hardware to Implement Automatic Session Reply

CPU Protection by Using Hardware to Implement Automatic Session Reply

As described in Limited Processing Capabilities of Control and Management Planes, the forwarding plane of a ME device is implemented by hardware and therefore provides high performance. The control and management planes, however, run on the CPU. The processing capability of the control and management planes is far lower than that of the forwarding plane. When the ME device is attacked, the control and management planes may deny services due to insufficient processing capability, and as a result become the target of attackers.

Huawei ME devices utilize the powerful processing capability of the forwarding plane. The hardware responds intelligently to requests of several protocols that seriously threaten the CPU security, which reduces the CPU load and prevents the CPU from becoming the target of DoS attacks.

Figure 7-9 CPU protection by using hardware to implement intelligent packet responding

As shown in the preceding figure, the NP hardware on the forwarding plane of a ME device is used to automatically and intelligently respond to packets that should be sent to the CPU, reducing the CPU usage. In addition, when the ME device is attacked by the X flood (such as the ARP, ICMP, WEB Portal), the infinite performance of the NP hardware can be used to ensure the operating performance of the CPU.

  • For detailed information, see Enabling ARP Bidirectional Isolation and Example for Configuring ARP Bidirectional Isolation and ARP VLAN CAR in the ME60 V800R010C10 Configuration Guide - Security.
  • For detailed information, see Configuring Fast ICMP Reply in the ME60 V800R010C10 Configuration Guide - IP Service.
Translation
Download
Updated: 2019-01-04

Document ID: EDOC1100059445

Views: 7689

Downloads: 9

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next