D-Link DAS-3626 Manuale Utente
DAS-3626 VDSL2 Switch User Manual
Safeguard Engine
Periodically, malicious hosts on the network will attack the switch by utilizing packet flooding (ARP Storm) or other
methods. These attacks may increase the Safeguard Engine beyond its capability. To alleviate this problem, the
Safeguard Engine function was added to the switch’s software.
methods. These attacks may increase the Safeguard Engine beyond its capability. To alleviate this problem, the
Safeguard Engine function was added to the switch’s software.
The Safeguard Engine can help the overall operability of the switch by minimizing the workload of the switch while the
attack is ongoing, thus making it capable to forward essential packets over its network in a limited bandwidth. When
the switch either (a) receives too many packets to process or (b) exerts too much memory, it will enter an Exhausted
mode. When in this mode, the switch only receives a small amount of ARP or IP broadcast packets for a calculated
time interval. Every five seconds, the switch will check to see if there are too many packets flooding the switch. If the
threshold has been crossed, the switch will do a rate limit and only allow a small amount of ARP and IP broadcast
packets for five seconds. After another five-second checking interval arrives, the switch will again check the ingress
flow of packets. If the flooding has stopped, the switch will again begin accepting all packets. Yet, if the checking
shows that there continues to be too many packets flooding the switch, it will still only accept a small amount of ARP
and IP broadcast packets for double the time of the previous stop period. This doubling of time for stopping ingress
ARP and IP broadcast packets will continue until the maximum time has been reached, which is 320 seconds and
every stop from this point until a return to normal ingress flow would be 320 seconds. For a better understanding,
examine the following example of the Safeguard Engine.
attack is ongoing, thus making it capable to forward essential packets over its network in a limited bandwidth. When
the switch either (a) receives too many packets to process or (b) exerts too much memory, it will enter an Exhausted
mode. When in this mode, the switch only receives a small amount of ARP or IP broadcast packets for a calculated
time interval. Every five seconds, the switch will check to see if there are too many packets flooding the switch. If the
threshold has been crossed, the switch will do a rate limit and only allow a small amount of ARP and IP broadcast
packets for five seconds. After another five-second checking interval arrives, the switch will again check the ingress
flow of packets. If the flooding has stopped, the switch will again begin accepting all packets. Yet, if the checking
shows that there continues to be too many packets flooding the switch, it will still only accept a small amount of ARP
and IP broadcast packets for double the time of the previous stop period. This doubling of time for stopping ingress
ARP and IP broadcast packets will continue until the maximum time has been reached, which is 320 seconds and
every stop from this point until a return to normal ingress flow would be 320 seconds. For a better understanding,
examine the following example of the Safeguard Engine.
Figure 132. Mapping QoS on the Switch
For every consecutive checking interval that reveals a packet flooding issue, the switch will double the time it will
accept a few ingress ARP and IP broadcast packets. In the example above, the switch doubled the time for dropping
ARP and IP broadcast packets when consecutive flooding issues were detected at 5-second intervals. (First stop = 5
seconds, second stop = 10 seconds, third stop = 20 seconds) Once the flooding is no longer detected, the wait period
for limiting ARP and IP broadcast packets will return to 5 seconds and the process will resume.
accept a few ingress ARP and IP broadcast packets. In the example above, the switch doubled the time for dropping
ARP and IP broadcast packets when consecutive flooding issues were detected at 5-second intervals. (First stop = 5
seconds, second stop = 10 seconds, third stop = 20 seconds) Once the flooding is no longer detected, the wait period
for limiting ARP and IP broadcast packets will return to 5 seconds and the process will resume.
Once in Exhausted mode, the packet flow will decrease by half of the level that caused the switch to enter Exhausted
mode. After the packet flow has stabilized, the rate will initially increase by 25% and then return to a normal packet
flow.
mode. After the packet flow has stabilized, the rate will initially increase by 25% and then return to a normal packet
flow.
110