11.9 Configuring Direct Broadcast, 11.10 Configuring Denial of Service (DoS), 11.11 Monitoring IP Parameters – Riverstone Networks WICT1-12 User Manual


Riverstone Networks RS Switch Router User Guide Release 8.0 11-9

IP Routing Configuration Guide

11.9 CONFIGURING DIRECT BROADCAST

Directed broadcast packets are network or subnet broadcast packets which are sent to a router to be forwarded as
broadcast packets. They can be misused to create Denial Of Service attacks. The RS protects against this possibility
by not forwarding directed broadcasts, by default. To enable the forwarding of directed broadcasts, use the
ip enable directed-broadcast command.

You can configure the RS to forward all directed broadcast traffic from the local subnet to a specified IP address or all
associated IP addresses. This is a more efficient method than defining only one local interface and remote IP address
destination at a time with the ip-helper command when you are forwarding traffic from more than one interface in
the local subnet to a remote destination IP address.

To enable directed broadcast forwarding on the “int4” network interface:

rs(config)# ip enable directed-broadcast interface int4

11.10 CONFIGURING DENIAL OF SERVICE (DOS)

By default, the RS installs flows in the hardware so that packets sent as directed broadcasts are dropped in hardware,
if directed broadcast is not enabled on the interface where the packet is received. You can disable this feature, causing
directed broadcast packets to be processed on the RS even if directed broadcast is not enabled on the interface receiving
the packet.

Similarly, the RS installs flows to drop packets destined for the RS for which service is not provided by the RS. This
prevents packets for unknown services from slowing the CPU. You can disable this behavior, causing these packets to
be processed by the CPU.

To cause directed broadcast packets to be processed on the RS, even if directed broadcast is not enabled on the interface
receiving the packet:

rs(config)# ip dos disable directed-broadcast-protection

To allow packets that are destined for the RS, but have no service defined for them on the RS, to be processed by the
RS’s CPU:

rs(config)# ip dos disable port-attack-protection

11.11 MONITORING IP PARAMETERS

The RS displays IP statistics and configurations contained in the routing table. The information displayed
provides routing and performance information.
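The three commands in sections 11.9 and 11.10 each relax a protective default, so a configuration review should list where they appear. The following audit script is an added example, not part of the Riverstone manual; it assumes the configuration is available as plain text with one command per line (optionally prefixed by the prompt), and the function names and sample configuration are constructed for illustration.

```python
import re

# Commands taken from this page; each one relaxes a protective default on the RS.
RULES = [
    (re.compile(r"^ip enable directed-broadcast interface (\S+)$"),
     "directed-broadcast forwarding enabled on interface {0}"),
    (re.compile(r"^ip dos disable directed-broadcast-protection$"),
     "hardware drop of directed broadcasts disabled"),
    (re.compile(r"^ip dos disable port-attack-protection$"),
     "hardware drop of packets for unserved services disabled; they reach the CPU"),
]
PROMPT = re.compile(r"^\S+\(config\)#\s*")  # e.g. "rs(config)# " as shown on the page


def audit(config_text):
    """Return (line_number, command, finding) for every line that weakens a default."""
    findings = []
    for number, raw in enumerate(config_text.splitlines(), start=1):
        # Drop an optional prompt and collapse repeated whitespace before matching.
        command = " ".join(PROMPT.sub("", raw.strip()).split())
        for pattern, message in RULES:
            match = pattern.match(command)
            if match:
                findings.append((number, command, message.format(*match.groups())))
    return findings


def broadcast_interfaces(findings):
    """Interfaces on which directed broadcasts will be forwarded."""
    prefix = "ip enable directed-broadcast interface "
    return sorted({cmd[len(prefix):] for _, cmd, _ in findings if cmd.startswith(prefix)})


# Constructed sample configuration (not from a real device); the last line is a
# placeholder standing in for any unrelated command.
SAMPLE = """\
rs(config)# ip enable directed-broadcast interface int4
ip  dos disable port-attack-protection
ip enable directed-broadcast interface int7
unrelated-command placeholder
"""

if __name__ == "__main__":
    for number, command, finding in audit(SAMPLE):
        print(f"line {number}: {finding}  [{command}]")
```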
