EasyManuals Logo

Zte ZXR10 M6000 Series User Manual

Zte ZXR10 M6000 Series
57 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #42 background imageLoading...
Page #42 background image
ZXR10M6000&T8000&8900ESecurityTarget
TheTOEenforcesanEXPORTSFPwherebyinformationeventsaresentfromtheTOE
toSNMPtrapandSYSLOGdestinations.TheTOEwillonlysendauditandmanagement
datatoproperlycongureddestinations
lFDP_IFF.1(1)Simplesecurityattributes(unauthenticatedpolicy)
TheTOEsupportsroutingofthetrafcthatispermittedbytheinformationow
policies.AlltrafcpassingthroughtherouterisprocessedbytheACLattachedtothe
interface/protocol.TheACLisprocessedtop-down,withprocessingcontinuinguntilthe
rstmatchismadeaccordingtothesource/destinationandsecurityattributesinthe
packet.
AlltrafcthatsuccessfullypassedtheACLsisprocessedbytheroutingtables.Therouting
tablemaybestaticallyupdatedbyanadministratorordynamicallygeneratedaccordingto
RIPv2,OSPFv2,IS-ISandBGPv4routingprotocols.
TheTOEexplicitlydeniespacketsbasedonthefollowingrule:
1.wherethesourceidentityoftheinformationisnotincludedinthesetofsource
identiersforthesourcesubject;
2.requestsforaccessorserviceswherethesourceidentityofthepacketspeciesa
broadcastidentity;
3.requestsforaccessorserviceswherethepresumedsourceidentityofthepacket
speciesaloopbackidentier.
4.packetsdoesnotcorrespondtoanentryintheroutingtable.
5.packetsthatdonotconformtoIPprotocolortheassociatedroutingprotocol
specication(RFCsforRIPv2,OSPFv2,IS-IS,BGPv4)].
Aup-sendingpacketrateisalsousedforTOEprotection.Thereare3protection
mechanisms:
1.Iftheup-sendingowratefromthenetworkinterfaceexceedsthecongured
threshold,theexceededtrafcwillbedropped(Anti-DoS).
2.Iftheoutgoinginterfaceofthesourceroutingpacketisdifferentfromtheingoing
interface,thepacketwillbedropped.(URPF).
3.Ifthestatisticsofsemi-connectionoftheTCPSYNoodexceedsconguredthreshold,
theTOEsuppressestheseattacks.
Subjectandinformationsecurityattributesusedare:
1.IPnetworkaddressandportofsourcesubject;
2.IPnetworkaddressandportofdestinationsubject;
3.transportlayerprotocolandtheiragsandattributes(UDP ,TCP);
4.networklayerprotocol(IP ,ICMP);
5.interfaceonwhichtrafcarrivesanddeparts;
6.routingprotocolsandtheircongurationandstate;and
7.controltrafcandtrafcthreshold.
lFDP_IFF.1(2)Simplesecurityattributes(exportpolicy)
TheTOEalsoenforcesanEXPORTSFPwherebyinformationeventsaresentfromthe
TOEtoSNMPtrapandSYSLOGdestinations.
6-8
SJ-20110815105844-030|2011/08/19R1.6ZTECORPORATION

Table of Contents

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Zte ZXR10 M6000 Series and is the answer not in the manual?

Zte ZXR10 M6000 Series Specifications

General IconGeneral
Operating Temperature0°C to 45°C
Storage Temperature-40°C to 70°C
Relative Humidity5% to 95% (non-condensing)
TypeModular Router
SeriesZXR10 M6000
Port DensityHigh
SlotsMultiple
DimensionsVaries by model
WeightVaries by model
RedundancyKey components redundancy

Related product manuals