电信IPTV业务平台交换机CPU防护方案(COPP)
?随着XX电信IPTV业务的快速遍及,以及网络上攻击流量的无处不在,致使作为会聚层交换机的7609、6509和4507等设备的CPU使用率通常居高不下,为了避免继续的CPU使用率过高也许形成的使用中止,特制定此方案,使用Cisco的Hardwarerate-limit和ControlPlanePolicing(CoPP)来对交换机的CPU进行相应保护,进一步提升业务的可用性和用户体会。?此方案将着重管理以下三个问题:?1)为何目的地址不是7600的攻击包也会致使7600的CPU使用率过高??2)为何攻击包的流量不大,有时只要几十兆bps也可以致使CPU上升到100%??3)用于这种状况,有什么管理方法?(?With the rapid spread of XX Telecom's IPTV services and the ubiquity of attack traffic on the network, the CPU usage of devices such as 7609, 6509, and 4507 as convergence layer switches is usually high. In order to avoid continuous CPU usage If it is too high, the use may be terminated. This solution is specially formulated. Cisco's Hardwarerate-limit and ControlPlanePolicing (CoPP) are used to protect the CPU of the switch accordingly, further improving the service availability and user experience. ?This solution will focus on managing the following three questions: ?1) Why does the attack packet whose destination address is not 7600 also cause the CPU usage of 7600 to be too high? 2) Why is the traffic of the attack packets small, and sometimes only a few tens of megabits per second can cause the CPU to rise to 100%? ?3) What is the management method for this situation?)
页:
[1]