Security, Quality of service – Enterasys Networks 8000/8600 User Manual
Features
Enterasys X-Pedition 8000/8600 Getting Started Guide
• Layer-4 flows – The X-Pedition can store Layer-4 flows on each line card. A Layer-4 flow
consists of the source and destination addresses in the IP or IPX packet combined with the TCP
or UDP source and destination port number (for IP) or the source and destination socket (for
IPX). You can therefore manage and control individual flows between hosts on an individual
application basis.
A single host can have many individual Layer-4 entries in the X-Pedition. For example, an IP host
might have separate Layer-4 application entries for E-mail, FTP, HTTP, and so on, or separate
Layer-4 flow entries for specific E-mail destinations and for specific FTP and Web connections.
Security
The bridging, routing, and application (Layer-2, Layer-3, and Layer-4) support described in
previous sections enables you to implement security filters that meet specific needs. You can
implement the following types of filters to secure traffic on the X-Pedition.
• Layer-2 source filters (block bridge traffic based on source MAC address)
• Layer-2 destination filters (block bridge traffic based on destination MAC address)
• Layer-2 flow filters (block bridge traffic based on specific source-destination pairs)
• Layer-3 source filters (block IP or IPX traffic based on source IP or IPX address)
• Layer-3 destination filters (block IP or IPX traffic based on destination IP or IPX address)
• Layer-3 flow filters (block IP or IPX traffic based on specific source-destination pairs)
• Layer-4 flow filters (block traffic based on application flows)
• Layer-4 application filters (block traffic based on UDP or TCP source and destination ports for
IP or source and destination sockets for IPX)
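The Layer-4 flow definition and the filter types listed above, modelled as an added Python example (not from the Enterasys guide, and not X-Pedition configuration syntax or the device's implementation). The packet fields, addresses, filter table and first-match evaluation order are assumptions made for illustration, and only IP is modelled.

```python
from collections import namedtuple, defaultdict

# Constructed packet model (IP only; IPX would use sockets in place of ports).
Packet = namedtuple("Packet", "src_mac dst_mac src_ip dst_ip proto src_port dst_port")

def l4_flow_key(p):
    # A Layer-4 flow: source and destination address plus source and destination port.
    return (p.src_ip, p.dst_ip, p.proto, p.src_port, p.dst_port)

def flows_by_host(packets):
    # One host can own many Layer-4 entries, one per application flow.
    table = defaultdict(set)
    for p in packets:
        table[p.src_ip].add(l4_flow_key(p))
    return table

# Hypothetical filter table: (filter type from the list above, fields that must match).
FILTERS = [
    ("layer-2 source",      {"src_mac": "00:00:5e:00:53:66"}),
    ("layer-2 flow",        {"src_mac": "00:00:5e:00:53:01", "dst_mac": "00:00:5e:00:53:02"}),
    ("layer-3 source",      {"src_ip": "192.0.2.99"}),
    ("layer-3 flow",        {"src_ip": "192.0.2.10", "dst_ip": "198.51.100.7"}),
    ("layer-4 application", {"proto": "tcp", "dst_port": 21}),
    ("layer-4 flow",        {"src_ip": "192.0.2.10", "dst_ip": "198.51.100.25",
                             "proto": "tcp", "src_port": 40003, "dst_port": 25}),
]

def blocking_filter(p, filters=FILTERS):
    # Return the type of the first filter whose fields all match, or None to forward.
    for kind, fields in filters:
        if all(getattr(p, name) == value for name, value in fields.items()):
            return kind
    return None

def pkt(src_ip, dst_ip, src_port, dst_port,
        src_mac="00:00:5e:00:53:10", dst_mac="00:00:5e:00:53:20"):
    return Packet(src_mac, dst_mac, src_ip, dst_ip, "tcp", src_port, dst_port)

# Constructed sample traffic: one host running several applications, plus a second host.
SAMPLE = [
    pkt("192.0.2.10", "198.51.100.80", 40001, 80),  # HTTP
    pkt("192.0.2.10", "198.51.100.21", 40002, 21),  # FTP
    pkt("192.0.2.10", "198.51.100.25", 40003, 25),  # E-mail to one destination
    pkt("192.0.2.10", "198.51.100.26", 40004, 25),  # E-mail to another destination
    pkt("192.0.2.99", "198.51.100.80", 40005, 80),  # different source host
]

if __name__ == "__main__":
    for p in SAMPLE:
        print(l4_flow_key(p), "->", blocking_filter(p) or "forward")
```

The same host keeps its HTTP flow while its FTP flow and one specific E-mail flow are blocked, which is the per-application granularity that Layer-4 entries allow and that a Layer-3 source filter cannot express.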
Quality of Service
Although the X-Pedition supplies non-blocking wire-speed throughput, you can configure the
X-Pedition to apply Quality of Service (QoS) policies during peak periods to guarantee service to
specific hosts, applications, and flows (source-destination pairs). This is especially useful in
networks where the traffic level can exceed the network medium’s capacity.
The X-Pedition QoS is based on four queues: control, high, medium, and low. Control traffic has
the highest priority, high the second highest, and so on. The default priority for all traffic is low.