Compare Products
Hide
VS
Only legal packets of legal users can access the network through previous two steps. This only accomplishes half job of safe deployment on the edge. The guardian of network services still needs to watch over the network.
Recently some network viruses or malicious attacks have taken up violent attack again. They execute flooding attack rather than playing fraud after accessing the network, either generating meaningless packets all over the network and slowing down the network speed, or causing the gateway equipment or core equipment down and the failure of the network. Below is a simple example.
To solve this problem, the switch on the access layer no longer stays passive. It actively detects possible attack packets, such as ARP packets. It isolates the packets at the access layer when detecting the packet rate is too high, guaranteeing that the packets are sent to the gateway/core equipment at a normal rate.
This method has two advantages:
1. Distributed handling of attack packets largely relieves the pressure on the gateway/core equipment. Before it was a single piece of equipment combating against all the attacks in the network, and now there are hundreds or even thousands of equipments dealing with attack packets, which in turn enhances the reliability of the entire network system.
2. The CPU utilization of the equipments on the access layer is generally low, causing a great waste of resources. This method can considerably improve the efficiency of equipments on the access layer and make it worthwhile. However, the equipments on the core layer can be released from the handling of invalid packets and focus on the key tasks such as network protocol processing and data forwarding.
The following figure shows the effect after improvement:
People may be still concerned about the attack prevention capability of equipments on the access layer. Below presents a description.
First, an access equipment suffers rather weak attack for a few users connect to it. In addition, the CPU processing capability of the current access equipment is close to that of the convergence equipment.
Second, two types of technologies are adopted on the access equipment of Ruijie Networks for higher security.
1. The switch can classify and limit the rate of the packets to the CPU for identifying attack packets properly.
2. When the switch detects attack packets, it adopts hardware isolation for the hardware-based processing is far higher than the transmission of attack packets.
Together with self-protection, distributed processing makes the switch on the access layer be more than equal to dealing with attacks. It makes a great contribution to the stability of the entire network. As an access layer switch, it needs to protect the security of the network edge and offer a harmless environment for data forwarding in the Intranet.
Ruijie Networks websites use cookies to deliver and improve the website experience.
See our cookie policy for further details on how we use cookies and how to change your cookie settings.
Cookie Manager
When you visit any website, the website will store or retrieve the information on your browser. This process is mostly in the form of cookies. Such information may involve your personal information, preferences or equipment, and is mainly used to enable the website to provide services in accordance with your expectations. Such information usually does not directly identify your personal information, but it can provide you with a more personalized network experience. We fully respect your privacy, so you can choose not to allow certain types of cookies. You only need to click on the names of different cookie categories to learn more and change the default settings. However, blocking certain types of cookies may affect your website experience and the services we can provide you.
Through this type of cookie, we can count website visits and traffic sources in order to evaluate and improve the performance of our website. This type of cookie can also help us understand the popularity of the page and the activity of visitors on the site. All information collected by such cookies will be aggregated to ensure the anonymity of the information. If you do not allow such cookies, we will have no way of knowing when you visited our website, and we will not be able to monitor website performance.
This type of cookie is necessary for the normal operation of the website and cannot be turned off in our system. Usually, they are only set for the actions you do, which are equivalent to service requests, such as setting your privacy preferences, logging in, or filling out forms. You can set your browser to block or remind you of such cookies, but certain functions of the website will not be available. Such cookies do not store any personally identifiable information.
Contact Us
How can we help you?