Configuration Guide Configuring FPM
2.2.2 Configuring Loose TCP Status Check
2.2.2.1 Scenario
Loose TCP status check should be configured on the device to prevent flow interruption during active/standby switchover of
the device. Then a connection can be established and packets can be forwarded as long as one end sends an ACK packet,
so that the connection is not interrupted at all during the active/standby switchover.
2.2.2.2 Corresponding Protocols
Configure loose TCP status check on the backup device.
2.3 Features
2.3.1.1 Basic Concepts
Flow Entry
A flow entry, as a physical resource for the device to identify and manage all connections of an IP session, records basic
information about the current IP session. The corresponding protocols include ICMP, TCP, UDP, and RAWIP.
2.3.1.2 Overview
Transparent transmission when the flow
table is full
This feature ensures that the existing flows are not interrupted when the flow table
is full.
This feature reclaims invalid flow entries.
Number of packets permitted in a flow
This feature prevents IP packet flooding attacks.
This feature filters out packets on illegitimate TCP connections.
Strict packet status tracing
This feature performs packet threshold check.
This feature allows the establishment of a connection with only ACK packets.
2.3.2 Transparent Transmission of Packets When the Flow Table Is Full
2.3.2.1 Working Principle
The acceleration of IP service processing relies on a flow table. Flow table resources are configured according to the current
product hardware configuration and generally can meet application requirements in an application environment. In some
extreme environments, however, flow table resources could be exhausted, causing the failure to establish flows. With this
feature, packets are transparently transmitted instead of establishing any flow on wireless products when the flow table is full,
and service processing is not accelerated, thereby ensuring that service flows are not interrupted.
To Next Page
Loading...
Need help?
General
