GSRs need to be protected against such scenarios, which may result from DoS attacks directed at the GRP of
the router. There are few techniques available to alleviate DoS, such as rate-limiting traffic destined to the
GRP from the line cards. Unfortunately, this approach comes with a trade-off and some limitations. Rate
limiting normal-priority traffic destined to the GRP does not guarantee protection for high-priority traffic,
such as routing protocol data, in the event of an attack channeled via several line cards.
A receive ACL (rACL) is configured using the following global configuration command and is distributed to
each line card in the router. Standard and extended ACL numbers are supported for rACLs.
ip receive access-list
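A minimal rACL built around the command above, as an added example that is not from the original text. The ACL number 110, every address (RFC 5737 documentation ranges) and the set of permitted protocols are assumptions chosen for illustration.

```cisco
! Added example. All addresses are constructed (RFC 5737 documentation ranges).
!   192.0.2.1       this router's loopback (assumed)
!   198.51.100.2    eBGP peer (assumed)
!   203.0.113.0/24  management network (assumed)
!
! Routing protocol: BGP from the known peer only. Two entries cover the
! session whether the peer or this router opened the TCP connection.
access-list 110 permit tcp host 198.51.100.2 host 192.0.2.1 eq bgp
access-list 110 permit tcp host 198.51.100.2 eq bgp host 192.0.2.1
!
! Management: SSH and ping from the management network only.
access-list 110 permit tcp 203.0.113.0 0.0.0.255 host 192.0.2.1 eq 22
access-list 110 permit icmp 203.0.113.0 0.0.0.255 host 192.0.2.1 echo
!
! Everything else destined to the GRP is dropped on the line cards.
! The explicit deny duplicates the implicit one so that the entry
! shows a hit counter in "show access-lists 110".
access-list 110 deny ip any any
!
! Activate the list as the receive ACL (global configuration).
ip receive access-list 110
```

The list filters only traffic destined to the router itself, so transit traffic is unaffected; any protocol the GRP must receive that is missing from the permit entries is dropped once the last line is entered.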
Infrastructure Protection ACLs (iACL)
Infrastructure ACL (iACL) is a conceptual view, and no special configuration is required. It is mainly used to
minimize the risk of direct infrastructure attacks by explicitly permitting only authorized traffic to the
infrastructure equipment (such as the routers, switches, and firewalls). This technique secures network devices
by denying access from valid external sources to all infrastructure device addresses that do not require direct
access.