Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
cpu-defend policy policy-name
The attack defense policy view is displayed.
Step 3 Run:
rate-limit all-packets pps pps-value
The rate limit for all packets sent to the CPU is set.
The AR1200-S then randomly discards the packets that exceed the rate limit to protect the CPU.
----End
9.4.7 (Optional) Configuring the Rate Limit for Packets After ALP Is Enabled
You can set the rate limit for packets in the attack defense policy after ALP is enabled.
Context
Active link protection (ALP) protects session-based application layer data, including data of
HTTP sessions and FTP sessions. It ensures non-stop transmission of these services when attacks
occur.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
cpu-defend policy policy-name
The attack defense policy view is displayed.
Step 3 Run:
application-apperceive packet-type {
| ftp | http } rate-limit rate-value
The rate limit for HTTP or FTP packets is set.
NOTE
During setup of an HTTP connection or an FTP connection, if the application-apperceive command is not
used to specify a rate, the default rate limit specified by application-apperceive is applied to HTTP and FTP packets.
By default, the rate limit for FTP packets is 1024 pps and the rate limit for HTTP packets is 512 pps
when the session is enabled with ALP.
----End
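Added example (not part of the Huawei guide): a Python audit script that reads a configuration listing, reports the effective rate limits of each attack defense policy, fills in the FTP and HTTP defaults from the NOTE above when no application-apperceive rate is set, and lists policies with no all-packets limit. The policy names, the pps values and the layout of the sample listing (policy blocks closed by `#` or `quit`) are constructed assumptions; the defaults apply only to sessions with ALP enabled.

```python
import re

# Defaults stated in the NOTE above (pps), used when ALP is enabled and
# no explicit application-apperceive rate is configured for the protocol.
ALP_DEFAULTS = {"ftp": 1024, "http": 512}

POLICY_RE = re.compile(r"^cpu-defend policy (\S+)$")
ALL_RE = re.compile(r"^rate-limit all-packets pps (\d+)$")
ALP_RE = re.compile(
    r"^application-apperceive packet-type (ftp|http) rate-limit (\d+)$")

# Constructed sample listing: names, values and layout are assumptions.
SAMPLE = """\
#
cpu-defend policy edge
 rate-limit all-packets pps 2000
 application-apperceive packet-type http rate-limit 800
#
cpu-defend policy branch
 application-apperceive packet-type ftp rate-limit 300
#
"""

def effective_limits(config_text):
    """Return {policy: {"all-packets": pps or None, "ftp": pps, "http": pps}}."""
    policies, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = POLICY_RE.match(line)
        if m:  # entering an attack defense policy view
            current = policies.setdefault(
                m.group(1), {"all-packets": None, **ALP_DEFAULTS})
            continue
        if current is None or line in ("#", "quit"):
            current = None  # outside any policy view (assumed block end)
            continue
        m = ALL_RE.match(line)
        if m:
            current["all-packets"] = int(m.group(1))
            continue
        m = ALP_RE.match(line)
        if m:  # explicit rate overrides the default for that protocol
            current[m.group(1)] = int(m.group(2))
    return policies

def missing_all_packets_limit(policies):
    """Names of policies that set no overall CPU-bound packet rate limit."""
    return sorted(n for n, p in policies.items() if p["all-packets"] is None)
```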
Huawei AR1200-S Series Enterprise Routers
Configuration Guide - Security 9 Local Attack Defense Configuration
Issue 02 (2012-03-30) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.