< Home

Mechanism of Dynamic Traffic Limiting Against Traffic Attacks

Traffic attacks against which dynamic traffic limiting defends are classified into session type and packet loss type. Traffic attacks of packet loss type are further classified as follows:
  • Session type: Sessions are established for the attack flows. There are few attack flows, but the rate of each flow is high.
  • Packet loss type: Attack traffic is discarded by the FW. There are few attack flows, but the number of packets discarded per second calculated by the system is large.
  • Packet loss type: Attack traffic is discarded by the FW. The attack flows have the same 3-tuple and a low rate. The total number of discarded packets calculated by the system is large.

Traffic attacks may cause a large volume of traffic to be sent to the MPU CPU for processing, which overloads the MPU CPU and affects services.

Attack traffic is checked on the hardware chip. If the session packet rate or traffic rate reaches the specified threshold, a traffic limiting rule is delivered to the hardware chip. Then traffic limiting is performed on the attack traffic on the hardware chip, reducing the MPU CPU usage.

Parent Topic: Understanding Attack Defense
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic