Configuring guard routes, Overview – H3C Technologies H3C S12500 Series Switches User Manual
Page 295
279
Configuring Guard routes
Overview
A Guard device is used to filter abnormal traffic.
To achieve this, Guard routes are configured on the Guard device to divert abnormal traffic to the Guard
device. A Guard route can be manually configured. In most cases, however, a Guard route is
automatically configured upon receipt of a notification.
Guard routes use Null 0 as the outbound interface and work together with BGP. They are neither installed
into the FIB nor used to forward IP packets. You can enable BGP to redistribute Guard routes to advertise
them to a BGP peer. In this way, traffic that is received by the BGP peer and destined for destinations of
Guard routes is diverted to the Guard device, which then filters and cleans the traffic.
Figure 98 Typical Guard route application
In the figure above, the Guard device is configured with a Guard route and the Detector device detects
network anomalies.
•
Router A communicates with the Web server, name server, and E-commerce application server
through Router B.
•
Router B and the Guard device run BGP and have formed a peer relationship. The import-route
guard command is used in BGP view on the Guard device to enable Guard route redistribution into
BGP.
•
Router B is configured to mirror the traffic (from Router A) destined for the Web server, name server,
and E-commerce application server to Detector.