Bp utilization threshold, Protection against malformed ip packets, Transaction rate limit – Brocade Virtual ADX Security Guide (Supporting ADX v03.1.00) User Manual

Page 19

Advertising
background image

Brocade Virtual ADX Security Guide

7

53-1003250-01

Protection against malformed IP packets

1

BP 1: last sec: 0.20%, 5 sec: 0.10%, 60 sec: 0.09%, 300 sec: 0.08%

BP 2: last sec: 0.20%, 5 sec: 0.10%, 60 sec: 0.09%, 300 sec: 0.09%

Per core utilization:

Core 1: last sec: 1.00%, 5 sec: 0.60%, 60 sec: 0.32%, 300 sec: 0.29%

Core 2: last sec: 0.00%, 5 sec: 0.40%, 60 sec: 0.48%, 300 sec: 0.52%

Core 3: last sec: 0.00%, 5 sec: 0.00%, 60 sec: 0.00%, 300 sec: 0.00%

BP utilization threshold

The bp-utilization-threshold command allows you to specify a threshold for barrel processor (BP)
CPU utilization. Define this command under the global configuration mode.

When the threshold is exceeded, the event is logged and a trap is sent. The log and trap are
rate-limited to one per two minutes.

The command takes a percentage string as parameter.

Virtual ADX(config)# bp-utilization-threshold 80.5%

Syntax: bp-utilization-threshold percentage

Protection against malformed IP packets

The Brocade Virtual ADX can be enabled to guard against malformed IP packets. When this feature
is enabled, the Brocade Virtual ADX will drop/block the abnormal packet received if any of the
following condition is true:

1. Source IP = 0.0.0.0 or 255.255.255.255

2. Destination IP = 0.0.0.0

3. Source IP = Destination IP

You can enable the protection against malformed IP packets feature on the Brocade Virtual ADX
globally by entering the following command.

Virtual ADX(config)# server block-abnormal-ip-packet

Syntax: [no] server block-abnormal-ip-packet

Transaction rate limit

Transaction rate limit (TRL) counts the number of transactions received from any one IP address. If
the transaction count exceeds a specified threshold value, traffic from that IP address is held and
not processed for a specified number of minutes.

Transaction rate limit provides the flexibility to specify different configurations for different clients,
based on the client IP address/prefix.

Transaction rate limit provides the following benefits:

Advertising
Popular Brands
Popular manuals