Only legitimate packets from legitimate users can enter the network after the previous two steps. That, however, accomplishes only half of the job of secure deployment at the edge: the guardian of network services still needs to watch over the network.

Recently, some network viruses and malicious attacks have again turned to brute force. Instead of spoofing after gaining access to the network, they launch flooding attacks, either generating meaningless packets all over the network and slowing it down, or bringing down the gateway or core equipment and causing the network to fail. Below is a simple example.

To solve this problem, the switch at the access layer no longer stays passive. It actively detects possible attack packets, such as ARP packets, and isolates them at the access layer when it detects that the packet rate is too high, guaranteeing that packets reach the gateway/core equipment at a normal rate.

This method has two advantages:

1. Distributed handling of attack packets largely relieves the pressure on the gateway/core equipment. Previously a single piece of equipment fought all the attacks in the network; now hundreds or even thousands of devices deal with attack packets, which in turn enhances the reliability of the entire network.

2. The CPU utilization of access-layer equipment is generally low, which wastes resources. This method makes considerably better use of the access-layer equipment. At the same time, the core-layer equipment is relieved of handling invalid packets and can focus on key tasks such as network protocol processing and data forwarding.

The following figure shows the effect after improvement:

People may still be concerned about the attack prevention capability of access-layer equipment. This is addressed below.

First, an access device faces relatively weak attacks, because only a few users connect to it. In addition, the CPU processing capability of current access equipment is close to that of aggregation (convergence) equipment.

Second, two technologies are adopted on Ruijie Networks access equipment for higher security.
1. The switch classifies the packets sent to the CPU and rate-limits each class, so that attack packets can be identified properly.
2. When the switch detects attack packets, it isolates them in hardware, because hardware-based processing is far faster than the transmission rate of attack packets.
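The following Python model is an added example, not Ruijie code, illustrating the behaviour described in this section: per-port detection of an excessive ARP rate followed by isolation of that port's ARP traffic, combined with the two self-protection techniques above (per-class rate limiting of packets bound for the CPU, and hardware isolation that keeps later attack packets away from the CPU entirely). Port names, thresholds, window size and the traffic stream are all constructed for the illustration; a real switch keeps these counters in hardware.

```python
from collections import Counter, defaultdict, deque


class AccessSwitchGuard:
    """Model of two access-layer protections: classify CPU-bound packets and
    rate-limit each class; isolate a (port, class) in hardware once its packet
    rate is too high. Thresholds are assumed illustrative values, not defaults."""

    def __init__(self, class_limits_pps, isolate_threshold_pps, window_ms=1000):
        self.class_limits = class_limits_pps            # proto -> max packets to CPU per window
        self.isolate_threshold = isolate_threshold_pps  # per (port, proto) packets before isolation
        self.window_ms = window_ms
        self.port_seen = defaultdict(deque)             # (port, proto) -> timestamps seen on the port
        self.cpu_seen = defaultdict(deque)              # proto -> timestamps admitted to the CPU
        self.isolated = {}                              # (port, proto) -> ms at which it was isolated
        self.stats = Counter()

    def _prune(self, dq, now_ms):
        # Drop timestamps that fall outside the sliding window ending at now_ms.
        while dq and now_ms - dq[0] >= self.window_ms:
            dq.popleft()

    def handle(self, ts_ms, port, proto):
        """Return the action taken for one ingress packet."""
        key = (port, proto)
        if key in self.isolated:
            # Hardware isolation: dropped at line rate, never reaches the CPU.
            self.stats["drop_isolated"] += 1
            return "drop_isolated"

        # Detection step: per-port, per-class counter over the sliding window.
        seen = self.port_seen[key]
        self._prune(seen, ts_ms)
        seen.append(ts_ms)
        if len(seen) > self.isolate_threshold:
            self.isolated[key] = ts_ms
            self.stats["isolated"] += 1
            return "isolate"

        # Self-protection step: per-class CPU rate limit. It is coarse, so a burst
        # from one port can also cost legitimate hosts CPU slots until isolation
        # kicks in; the demo traffic below shows that effect.
        admitted = self.cpu_seen[proto]
        self._prune(admitted, ts_ms)
        limit = self.class_limits.get(proto)
        if limit is not None and len(admitted) >= limit:
            self.stats["drop_rate_limit"] += 1
            return "drop_rate_limit"
        admitted.append(ts_ms)
        self.stats["to_cpu"] += 1
        return "to_cpu"


def constructed_traffic():
    """Constructed sample traffic (not captured data): (ms, port, class) tuples."""
    pkts = []
    pkts += [(51 + 200 * i, "Gi0/1", "arp") for i in range(15)]    # normal host, 5 ARP/s
    pkts += [(1000 + 2 * i, "Gi0/7", "arp") for i in range(500)]   # ARP flood, 500 ARP/s for 1 s
    pkts += [(501 + 1000 * i, "Gi0/3", "dhcp") for i in range(3)]  # a DHCP client renewing
    return sorted(pkts)


def run_demo():
    """Run the constructed stream through the guard and report what happened."""
    guard = AccessSwitchGuard({"arp": 20, "dhcp": 10}, isolate_threshold_pps=100)
    for ts, port, proto in constructed_traffic():
        guard.handle(ts, port, proto)
    return {"stats": dict(guard.stats), "isolated": sorted(guard.isolated)}


if __name__ == "__main__":
    result = run_demo()
    print("isolated:", result["isolated"])
    for action, count in sorted(result["stats"].items()):
        print(f"{action:16s} {count}")
```

In the constructed run, the flooding port is isolated after its 101st ARP packet within one second, and the remaining 399 packets of the burst are dropped in hardware without ever being counted against the CPU. The per-class limit still protects the CPU during the 200 ms before isolation triggers, at the cost of a few hundred dropped packets from the class as a whole, which is the point the text makes about combining self-protection with distributed isolation.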

Together with self-protection, distributed processing makes the access-layer switch more than equal to dealing with attacks, and it makes a great contribution to the stability of the entire network. As an access-layer switch, it needs to protect the security of the network edge and offer a harmless environment for data forwarding in the intranet.