Shulou(Shulou.com)06/01 Report--

In the process of construction and operation of man, it is necessary to deploy traffic cleaning equipment synchronously to deal with sudden malicious * *. It is very important for important applications in man, such as websites and other public access resources, to ensure that normal business access is provided while resisting malicious * *.

Metropolitan area network core routers are generally deployed in pairs. The traffic cleaning equipment is directly interconnected with the core router and establishes BGP neighbor relationship. By configuring the traffic cleaning equipment, the traffic cleaning equipment can advertise the IP of the * * target to the core router, so that the IP address of the * * target can pass through the traffic cleaning equipment, clean * * traffic, and return normal traffic.

The following figure shows a schematic diagram of the flow direction of the traffic cleaning equipment at startup. * traffic and normal traffic directly reach the * * target.

When * detection equipment is not deployed, and only traffic cleaning equipment is deployed, * * traffic cannot be detected automatically, and traffic cleaning equipment cannot respond automatically. You need to find the traffic artificially, and then set up the flow cleaning equipment to start the traffic cleaning.

When discovering * traffic, you must first know the * target IP address, and configure the IP address to the BGP advertisement list of the traffic cleaning equipment. After the man core router learns the route advertised by the traffic cleaning equipment, the route to the * * target IP points to the traffic cleaning equipment, that is, after the Internet traffic reaches the man core router, the next hop goes to the traffic cleaning equipment first. The traffic cleaning equipment automatically cleans the * traffic, and the rest of the normal traffic is returned to the man core router through the default route on the traffic cleaning equipment, and the core router sends the normal traffic to the * target Web server. This is the only normal access traffic that reaches the Web server. The schematic diagram of the flow direction is as follows:

Policy routing is configured on the interface between the metropolitan area network core router and the traffic cleaning equipment. According to the IP address of the target, the policy router specifies that the traffic is forwarded through that downlink interface instead of guiding the traffic forwarding through the routing table. This will lead to a routing loop, and the traffic will always be forwarded between the core router and the traffic cleaning equipment. However, each time you start the traffic cleaning process, you need to manually configure policy routing. The normal traffic injected from the traffic cleaning equipment will not be forwarded to the traffic cleaning equipment again, and the traffic coming from the interfaces other than the interconnected ports of the core router and the traffic cleaning equipment will be sent to the traffic cleaning equipment.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.