Cisco Cisco Catalyst 6500 Cisco 7600 Router Anomaly Guard Module 디자인 가이드

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com.

Page 5 of 12

Figure 3. Dedicated Configuration

Traffic Hijacking Options

In the integrated configuration, there is only one traffic hijacking option—sending an RHI message from the Anomaly Guard to the routing process

of the supervisor engine to add a static route to the supervisor engine routing table that names the Anomaly Guard as the next hop.

In the dedicated configuration, there is only one option for the first step of the process—sending an RHI message from the Anomaly Guard Module

to the supervisor engine on the same Cisco Catalyst 6500 Series switch chassis. In the second step, where the supervisor engine routing process has

to redistribute the static route created by the RHI advertisement to an upstream router, there are multiple options. Whichever Cisco IOS

Software-

supported interior gateway routing protocol is desired for the redistribution from the dedicated guard to the upstream router can be used.

Traffic Injection Options

For both traffic diversion configurations, the traffic injection options are Layer 2 or Layer 3 topologies.

In the Layer 2 topology option, cleaned traffic is forwarded from the Anomaly Guard Module to a statically configured next-hop address residing

on a downstream router that is on the same VLAN/subnet as the Anomaly Guard traffic injection interface/VLAN. Layer 2 traffic injection is the

simplest to configure—no significant configuration changes are required on the downstream router.

In the Layer 3 topology option, there are two traffic injection choices—VPN Routing and Forwarding (VRF) or tunnel (generic routing

encapsulation [GRE] or IP over IP [IPIP]).