Application Delivery (ADX)

Reply
Contributor
Posts: 24
Registered: ‎05-04-2009

Which processor is responsible for the DoS protection features?

Is it the management processor or the barral processors (application processor) being responsible for this? I do remember that SYN-guard/-proxy is getting done in ASICs but the rest?

Super Contributor
Posts: 316
Registered: ‎05-01-2009

Re: Which processor is responsible for the DoS protection features?

The DoS protection is getting done in hardware. There are special Application Acceleration Processors inside the ADX doing that stuff. These processors are ASICs/FPGAs as well - MOST of the attacks do not hit the upper processor layers. Syn-attacks are getting processed at these Application Acceleration Chips and there are another 12 or so attacks which are handled in hardware as well now talking about the ADX. From the top of my head the following things are getting blocked in hardware in case the features are enabled:

- TCP packets with fin but no ACK flag

- icmp fragments

- land-attacks

- ping of death

- TCP packets with syn and fin bit set

- xmas tree attacks

- TCP packets without any flags

- packets with an unkown IP protocol

- and some others

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.