Cisco Catalyst 6500/Cisco 7600 Router Anomaly Guard Module Design Guide
© 2005 Cisco Systems, Inc. All rights reserved.
Figure 3. Dedicated Configuration
Traffic Hijacking Options
In the integrated configuration, there is only one traffic hijacking option—sending an RHI message from the Anomaly Guard to the routing process
of the supervisor engine to add a static route to the supervisor engine routing table that names the Anomaly Guard as the next hop.
In the dedicated configuration, there is only one option for the first step of the process—sending an RHI message from the Anomaly Guard Module
to the supervisor engine on the same Cisco Catalyst 6500 Series switch chassis. In the second step, where the supervisor engine routing process has
to redistribute the static route created by the RHI advertisement to an upstream router, there are multiple options. Any interior gateway
routing protocol supported by Cisco IOS® Software can be used for the redistribution from the dedicated guard to the upstream router.
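As an added illustration (not taken from the Cisco guide), the second step could look like the following on the dedicated-guard supervisor engine, assuming OSPF as the interior gateway protocol with process ID 1 and 192.0.2.0/24 as a constructed protected zone. The prefix-list and route-map names are hypothetical; the filter limits redistribution to routes inside the zone so that unrelated static routes on the supervisor engine are not advertised upstream.

```cisco
! Added example, not from the Cisco design guide.
! Assumptions: OSPF is the chosen IGP (process ID 1); 192.0.2.0/24 is a
! constructed protected zone; GUARD-ZONES and RHI-TO-UPSTREAM are
! hypothetical names.
!
! Match only routes that fall inside the protected zone
! (prefix length /24 through /32).
ip prefix-list GUARD-ZONES seq 5 permit 192.0.2.0/24 le 32
!
! Permit those routes for redistribution. Any other static route
! falls through to the route-map's implicit deny and is not advertised.
route-map RHI-TO-UPSTREAM permit 10
 match ip address prefix-list GUARD-ZONES
!
! Redistribute the RHI-created static routes to the upstream router,
! filtered through the route-map above.
router ospf 1
 redistribute static subnets route-map RHI-TO-UPSTREAM
```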
Traffic Injection Options
For both traffic diversion configurations, the traffic injection options are Layer 2 or Layer 3 topologies.
In the Layer 2 topology option, cleaned traffic is forwarded from the Anomaly Guard Module to a statically configured next-hop address residing
on a downstream router that is on the same VLAN/subnet as the Anomaly Guard traffic injection interface/VLAN. Layer 2 traffic injection is the
simplest to configure—no significant configuration changes are required on the downstream router.
In the Layer 3 topology option, there are two traffic injection choices—VPN Routing and Forwarding (VRF) or tunnel (generic routing
encapsulation [GRE] or IP over IP [IPIP]).