Protection against attack in hardware, Application traffic prioritization – Brocade Virtual ADX Security Guide (Supporting ADX v03.1.00) User Manual

Brocade Virtual ADX Security Guide
53-1003250-01
Prioritization of TCP port 80 traffic to management IP 10.200.1.1 from source subnet 10.1.1.X
Virtual ADX#server prioritize-mgmt-traffic 10.1.1.1 255.255.255.0 10.200.1.1 6 80
Prioritization of TCP port 80 traffic to management IP 10.200.1.1 from any source IP address
Virtual ADX#server prioritize-mgmt-traffic any 10.200.1.1 6 80
Prioritization of UDP port 2222 traffic to management IP 10.200.1.1 from source subnet 10.1.1.X
Virtual ADX#server prioritize-mgmt-traffic 10.1.1.1 255.255.255.0 10.200.1.1 17 2222
Protection against attack in hardware
Brocade Virtual ADX software allows for protection against attack in hardware without impacting 
management processor (MP) or barrel processor (BP) CPU utilization. Configure the server 
drop-all-mgmt-access command to drop all traffic destined to a specified management IP address. 
The following command drops all traffic destined to the management IP address 10.45.16.104.
Virtual ADX(config)#server drop-all-mgmt-access 10.45.16.104
Syntax: [no] server drop-all-mgmt-access destination_ip
NOTE
For a router, the destination IP address is the physical or ve interface IP address. For a switch, the 
destination IP address is the management IP address.
The server drop-all-mgmt-access feature, when used in combination with the server 
prioritize-mgmt-traffic feature, allows you to prioritize valid traffic while blocking unwanted traffic 
destined to the management IP address.
For example, with the following configuration, only SSH, Telnet, and HTTP traffic (TCP ports 22, 23, 
and 80) destined to management IP address 10.45.16.104 will be prioritized, and all other traffic 
destined to 10.45.16.104 will be dropped.
Virtual ADX(config)# server prioritize-mgmt-traffic any 10.45.16.104 6 22
Virtual ADX(config)# server prioritize-mgmt-traffic any 10.45.16.104 6 23
Virtual ADX(config)# server prioritize-mgmt-traffic any 10.45.16.104 6 80
Virtual ADX(config)# server drop-all-mgmt-access 10.45.16.104
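The following Python example is added here and is not part of the Brocade guide. It parses the two commands, models the documented prioritize/drop outcome for a packet sent to a management IP, and flags two points a reviewer would check. The argument order is inferred from the examples on this page; the function names, the `unprioritized` label, and the sample configuration are constructed for illustration.

```python
import ipaddress
# Constructed sample: the page's combined example plus one subnet-scoped rule.
SAMPLE = """\
Virtual ADX(config)# server prioritize-mgmt-traffic any 10.45.16.104 6 22
Virtual ADX(config)# server prioritize-mgmt-traffic any 10.45.16.104 6 23
Virtual ADX(config)# server prioritize-mgmt-traffic any 10.45.16.104 6 80
Virtual ADX(config)# server drop-all-mgmt-access 10.45.16.104
server prioritize-mgmt-traffic 10.1.1.1 255.255.255.0 10.200.1.1 6 80
"""
CLEARTEXT = {(6, 23): "telnet", (6, 80): "http"}  # (IP protocol, port)

def parse(config):
    """Return (rules, drops); a rule is (src_net or None, dst, proto, port)."""
    rules, drops = [], set()
    for line in config.splitlines():
        tok = line.split("#")[-1].split()  # tolerate a CLI prompt prefix
        if tok[:2] == ["server", "drop-all-mgmt-access"] and len(tok) == 3:
            drops.add(ipaddress.ip_address(tok[2]))
        elif tok[:2] == ["server", "prioritize-mgmt-traffic"]:
            args, src = tok[2:], None  # src None means "any" source
            if len(args) == 5:  # source address followed by dotted mask
                src = ipaddress.ip_network(f"{args[0]}/{args[1]}", strict=False)
            elif len(args) != 4 or args[0] != "any":
                raise ValueError(f"unrecognized form: {line!r}")
            dst, proto, port = args[-3:]
            rules.append((src, ipaddress.ip_address(dst), int(proto), int(port)))
    return rules, drops

def verdict(rules, drops, src, dst, proto, port):
    """Model the documented outcome for one packet sent to a management IP."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for net, rdst, rproto, rport in rules:
        if (rdst, rproto, rport) == (dst, proto, port) and (net is None or src in net):
            return "prioritize"
    return "drop" if dst in drops else "unprioritized"

def audit(rules, drops):
    """Reviewer checks: missing drop-all, cleartext management open to any source."""
    out = [f"{d}: prioritized ports but no drop-all-mgmt-access"
           for d in sorted({r[1] for r in rules}) if d not in drops]
    out += [f"{dst}: {CLEARTEXT[proto, port]} prioritized from any source"
            for net, dst, proto, port in rules
            if net is None and (proto, port) in CLEARTEXT]
    return out

if __name__ == "__main__":
    rules, drops = parse(SAMPLE)
    print(verdict(rules, drops, "192.0.2.7", "10.45.16.104", 6, 443), *audit(rules, drops), sep="\n")
```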
Application Traffic Prioritization
Traffic prioritization is a traffic management technique used for providing quality of service and 
security for network traffic. It helps allocate a higher amount of usable bandwidth to certain packet 
types over the rest of the packets when the network is congested.
The Brocade Virtual ADX enables you to assign varying priority levels to different service VIPs. The 
assignments can be done based on the relative importance of these applications to business 
operations. The Brocade Virtual ADX orchestrates packet drops and thereby minimizes impact on 
the system when it is subjected to DDoS attacks.
