May 2013
Jimmy Halim
jhalim10@gmail.com
ž This is the continuation of the Broadcast
and Multicast Storm Control in Internet
Exchange topic that I shared in March
2013
ž This presentation hopefully finalizes the
BUM (Broadcast, Unkown Unicast, and
Multicast) storm protection in Internet
Exchange
ž This is for discussion and sharing
purposes
ž Unicast packets with unknown
destination MAC addresses
ž The packets will travel to all members in
the same VLAN
ž Creates security concern in Internet
Exchange platform since all members
are sharing the same VLAN
ž Causes 99% high CPU in the Line Card
where the attack comes from
ž VPLS CPU protection in Brocade is not
protecting
ž The unknown unicast limit threshold in
Brocade is not protecting
ž The 99% CPU causes packet losses to/
from the participants that reside in same
Line Card with the attacker
ž Drops the unknown unicast packets in
hardware
ž Tested successfully can reduce the 99%
CPU down to 1%!!
ž Record down any packets that are denied
by incoming L2 access list to syslog
ž This will fasten the troubleshooting
during BUM attack
ž Helps to identify the source of BUM attack
ž Shows the source attack port and the related
source and destination MAC address
ž The logging can be very noisy
•  Cisco devices send the periodic L2 related packets
to the specified destination MAC address
•  These packets are categorized as unknown unicast
since the destination MAC address is not owned by
any participants in the same VPLS VLAN
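
Added example (not from the original slides): one way to turn the denied-frame log records into a ranked list of ingress ports while suppressing the periodic noise described above. The record layout, the `norm_mac` and `rank_sources` names, and the sample lines are assumptions constructed for illustration; adapt the regular expression to the device's actual syslog format.

```python
import re
from collections import Counter, defaultdict

# Assumed normalized record layout (hypothetical, not a vendor's native syslog format).
RECORD = re.compile(
    r"l2acl-deny port=(?P<port>\S+) src=(?P<src>[0-9a-f.:-]+) dst=(?P<dst>[0-9a-f.:-]+)",
    re.IGNORECASE)

def norm_mac(mac):
    """Canonicalize aa:bb:.., aabb.ccdd.eeff or aa-bb-.. to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-f]", "", mac.lower())
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def rank_sources(lines, noise_dsts=(), min_frames=1):
    """Rank ingress ports by denied frames, skipping destinations known to be periodic noise."""
    noise = {norm_mac(m) for m in noise_dsts}
    frames, srcs, dsts = Counter(), defaultdict(set), defaultdict(set)
    for line in lines:
        m = RECORD.search(line)
        if not m:
            continue  # unrelated syslog message
        try:
            src, dst = norm_mac(m["src"]), norm_mac(m["dst"])
        except ValueError:
            continue  # malformed MAC field, ignore the record
        if dst in noise:
            continue  # periodic L2 frame the operator has already identified
        frames[m["port"]] += 1
        srcs[m["port"]].add(src)
        dsts[m["port"]].add(dst)
    return [{"port": p, "frames": n, "src_macs": len(srcs[p]), "dst_macs": len(dsts[p])}
            for p, n in frames.most_common() if n >= min_frames]

# Constructed sample records (documentation MAC range 00-00-5E-00-53-xx).
SAMPLE = [
    "May  2 10:00:01 ix-sw1 l2acl-deny port=1/3 src=0000.5e00.5301 dst=0000.5e00.53a1",
    "May  2 10:00:01 ix-sw1 l2acl-deny port=1/3 src=0000.5e00.5301 dst=0000.5e00.53a2",
    "May  2 10:00:01 ix-sw1 l2acl-deny port=2/1 src=0000.5e00.5310 dst=0000.5e00.53f0",
    "May  2 10:00:02 ix-sw1 l2acl-deny port=1/3 src=0000.5e00.5301 dst=0000.5e00.53a3",
    "May  2 10:00:02 ix-sw1 link up port=4/2",
    "May  2 10:00:02 ix-sw1 l2acl-deny port=1/3 src=0000.5e00.5301 dst=0000.5e00.53a4",
    "May  2 10:00:03 ix-sw1 l2acl-deny port=2/7 src=0000.5e00.5320 dst=0000.5e00.53b1",
    "May  2 10:00:11 ix-sw1 l2acl-deny port=2/1 src=0000.5e00.5310 dst=0000.5e00.53f0",
]

if __name__ == "__main__":
    print(rank_sources(SAMPLE, noise_dsts=["00:00:5e:00:53:f0"]))
```

A port with one source MAC and many distinct destination MACs stands out at the top of the ranking; raising `min_frames` hides ports that only produced an occasional denied frame.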
ž We still able to drop unknown unicast
packets in hardware without enabling
logging to syslog
ž We just need to remove the deny any any
statement at the end of the access-list
ž We need to use other monitoring tools
like MRTG, INMON, or others to identify
the source of BUM attacks
For sharing/question/discussion:
jhalim10@gmail.com
Unknown Unicast Storm Control in Internet Exchange