Cisco Cisco ASA 5585-X Adaptive Security Appliance 백서
Cisco and Public Sector Cyberdefense
8
Response and Recovery in the LAN
While some security intrusions are meant to gain access to confidential
information, others have the much simpler goal of disruption. The sole
purpose of distributed-denial-of-service (DDoS) attacks, for example,
is to introduce failure. Indeed, any failures, whether malicious or even
accidental, disrupt the orderly operation of government and are therefore
a national security concern.
information, others have the much simpler goal of disruption. The sole
purpose of distributed-denial-of-service (DDoS) attacks, for example,
is to introduce failure. Indeed, any failures, whether malicious or even
accidental, disrupt the orderly operation of government and are therefore
a national security concern.
This places two additional requirements on the network:
• The ability to continue operating even during the event of a security
attack or other system outage
• The need for a sophisticated tool set to quickly analyze, respond to,
and remediate an attack or failure while it is in progress
One technology that allows for continued operation even during
a system failure is
a system failure is
Cisco Nonstop Forwarding with Stateful
Switchover (NSF/SSO). It allows a switch or router experiencing a
failure of an active supervisor to continue forwarding data packets along
known routes while the routing protocol information is recovered and
validated. Data-plane forwarding can continue to occur even though
peering arrangements with neighbor routers have been lost on the
restarting router.
failure of an active supervisor to continue forwarding data packets along
known routes while the routing protocol information is recovered and
validated. Data-plane forwarding can continue to occur even though
peering arrangements with neighbor routers have been lost on the
restarting router.
NSF relies on the separation of the control plane and the data plane
during supervisor switchover. The data plane continues to forward
packets based on preswitchover Cisco Express Forwarding information.
The control plane implements the graceful restart routing protocol
extensions to signal a supervisor restart to NSF-aware neighbor
routers, reform its neighbor adjacencies, and rebuild its routing protocol
database following a switchover.
during supervisor switchover. The data plane continues to forward
packets based on preswitchover Cisco Express Forwarding information.
The control plane implements the graceful restart routing protocol
extensions to signal a supervisor restart to NSF-aware neighbor
routers, reform its neighbor adjacencies, and rebuild its routing protocol
database following a switchover.
An NSF-capable router implements the NSF functionality and continues
to forward data packets after a supervisor failure. An NSF-aware router
understands the NSF graceful restart mechanisms: it does not tear
down its neighbor relationships with the NSF-capable restarting router
and can help a neighboring NSF-capable router restart, thus avoiding
to forward data packets after a supervisor failure. An NSF-aware router
understands the NSF graceful restart mechanisms: it does not tear
down its neighbor relationships with the NSF-capable restarting router
and can help a neighboring NSF-capable router restart, thus avoiding
unnecessary route flaps and network instability. An NSF-capable router
is also NSF-aware.
is also NSF-aware.
A further extension of NSF/SSO capabilities is
Cisco In-Service
Software Upgrade (ISSU). ISSU takes the concepts of NSF/SSO and
applies them to another source of potential network downtime, software
upgrades. A switch or router implementing ISSU will continue to forward
packets throughout the upgrade process.
applies them to another source of potential network downtime, software
upgrades. A switch or router implementing ISSU will continue to forward
packets throughout the upgrade process.
A unique feature of the Cisco Catalyst 6500 Series switch is
Cisco IOS
Software modularity. This capability allows the Cisco Catalyst 6500
Series to offer runtime patching of security updates. This means that
there is no downtime when patching security updates and reduced code
certification time after the patching.
Series to offer runtime patching of security updates. This means that
there is no downtime when patching security updates and reduced code
certification time after the patching.
Because NSF/SSO and ISSU require redundant supervisors, they are
limited to the modular switching products, the Cisco Catalyst 6500 and
4500 Series switches.
limited to the modular switching products, the Cisco Catalyst 6500 and
4500 Series switches.
For Cisco Catalyst fixed switches, Cisco
StackWise
®
can help limit
the failure domain. Cisco StackWise technology provides a method for
collectively utilizing the capabilities of a stack of switches. Individual
switches intelligently join to create a single switching unit with a
switching stack interconnect. Configuration and routing information is
shared by every switch in the stack, creating a single switching unit. All
stack members have full access to the stack interconnect bandwidth.
The stack is managed as a single unit by a master switch, which is
elected from one of the stack member switches.
collectively utilizing the capabilities of a stack of switches. Individual
switches intelligently join to create a single switching unit with a
switching stack interconnect. Configuration and routing information is
shared by every switch in the stack, creating a single switching unit. All
stack members have full access to the stack interconnect bandwidth.
The stack is managed as a single unit by a master switch, which is
elected from one of the stack member switches.
Master redundancy allows each stack member to serve as a master,
providing the highest reliability for forwarding. Each switch in the stack
can serve as a master, creating a 1:N availability scheme for network
control. In the unlikely event of a single unit failure, all other units continue
to forward traffic and maintain operation.
providing the highest reliability for forwarding. Each switch in the stack
can serve as a master, creating a 1:N availability scheme for network
control. In the unlikely event of a single unit failure, all other units continue
to forward traffic and maintain operation.
While each of the above technologies plays a part in maintaining the
operation of the network during a system failure, there is another aspect
of the problem that must be addressed. How can the attacks that are
operation of the network during a system failure, there is another aspect
of the problem that must be addressed. How can the attacks that are
Continue
Previous