May 2013
Jimmy Halim
jhalim10@gmail.com
ž This is the continuation of the Broadcast
and Multicast Storm Control in Internet
Exchange topic that I shared in March
2013
ž This presentation hopefully finalizes the
BUM (Broadcast, Unkown Unicast, and
Multicast) storm protection in Internet
Exchange
ž This is for discussion and sharing
purposes
ž Unicast packets with unknown
destination MAC addresses
ž The packets will travel to all members in
the same VLAN
ž Creates security concern in Internet
Exchange platform since all members
are sharing the same VLAN
ž Causes 99% high CPU in the Line Card
where the attack comes from
ž VPLS CPU protection in Brocade is not
protecting
ž The unknown unicast limit threshold in
Brocade is not protecting
ž The 99% CPU causes packet losses to/
from the participants that reside in same
Line Card with the attacker
ž Drops the unknown unicast packets in
hardware
ž Tested successfully can reduce the 99%
CPU down to 1%!!
ž Record down any packets that are denied
by incoming L2 access list to syslog
ž This will fasten the troubleshooting
during BUM attack
ž Helps to identify the source of BUM attack
ž Shows the source attack port and the related
source and destination MAC address
ž The logging can be very noisy
•  Cisco devices send the periodic L2 related packets
to the specified destination MAC address
•  These packets are categorized as unknown unicast
since the destination MAC address is not owned by
any participants in the same VPLS VLAN
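One way to triage the denied-frame syslog entries described above and cut through the noise, as an added example that is not part of the original slides. The log line format, host name, ports, MAC addresses and the quiet-destination list are all constructed assumptions; adapt the regular expression to the device's actual syslog output.

```python
import re
from collections import Counter

# Constructed line format, not real Brocade output; adapt LINE_RE to your device.
LINE_RE = re.compile(r"port=(?P<port>\S+)\s+vlan=\d+\s+"
                     r"src=(?P<src>[0-9a-fA-F.:-]+)\s+dst=(?P<dst>[0-9a-fA-F.:-]+)")

def norm_mac(mac):
    """Normalise dotted, colon or dash notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def triage(lines, quiet_dsts=()):
    """Count denied frames per (port, source MAC); destinations in quiet_dsts
    are tallied as suppressed. Returns (offenders, suppressed, unparsed)."""
    quiet = {norm_mac(m) for m in quiet_dsts}
    hits, suppressed, unparsed = Counter(), 0, 0
    for line in lines:
        m = LINE_RE.search(line)
        if m is None:                      # not an ACL deny line
            unparsed += 1
            continue
        try:
            src, dst = norm_mac(m["src"]), norm_mac(m["dst"])
        except ValueError:                 # malformed MAC field
            unparsed += 1
            continue
        if dst in quiet:                   # known periodic L2 chatter
            suppressed += 1
        else:
            hits[(m["port"], src)] += 1
    return hits.most_common(), suppressed, unparsed

# Constructed sample: port 3/7 floods, port 1/2 only sends periodic chatter.
SAMPLE = [
    "May 14 10:02:11 ix-sw1 L2ACL deny port=3/7 vlan=100 src=0011.2233.4455 dst=02aa.0000.0001",
    "May 14 10:02:11 ix-sw1 L2ACL deny port=3/7 vlan=100 src=0011.2233.4455 dst=02aa.0000.0002",
    "May 14 10:02:12 ix-sw1 L2ACL deny port=1/2 vlan=100 src=0066.7788.99aa dst=02bb.0000.00ff",
    "May 14 10:02:12 ix-sw1 L2ACL deny port=3/7 vlan=100 src=00:11:22:33:44:55 dst=02aa.0000.0003",
    "May 14 10:02:13 ix-sw1 L2ACL deny port=2/1 vlan=100 src=00cc.ddee.ff01 dst=02aa.0000.0004",
    "May 14 10:02:22 ix-sw1 L2ACL deny port=1/2 vlan=100 src=0066.7788.99aa dst=02bb.0000.00ff",
    "May 14 10:02:23 ix-sw1 L2ACL deny port=3/7 vlan=100 src=0011.2233.4455 dst=02aa.0000.0005",
    "May 14 10:02:24 ix-sw1 link up on port 4/1",
]
QUIET = ["02bb.0000.00ff"]  # hypothetical destination of a member's periodic L2 frames

if __name__ == "__main__":
    print(triage(SAMPLE, QUIET))
```

Counting the suppressed entries separately keeps the periodic frames visible, so a change in their rate is still noticed.
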
ž We still able to drop unknown unicast
packets in hardware without enabling
logging to syslog
ž We just need to remove the deny any any
statement at the end of the access-list
ž We need to use other monitoring tools
like MRTG, INMON, or others to identify
the source of BUM attacks
For sharing/question/discussion:
jhalim10@gmail.com

Unknown Unicast Storm Control in Internet Exchange

  • 2. ž This is the continuation of the Broadcast and Multicast Storm Control in Internet Exchange topic that I shared in March 2013 ž This presentation hopefully finalizes the BUM (Broadcast, Unkown Unicast, and Multicast) storm protection in Internet Exchange ž This is for discussion and sharing purposes
  • 3. ž Unicast packets with unknown destination MAC addresses ž The packets will travel to all members in the same VLAN ž Creates security concern in Internet Exchange platform since all members are sharing the same VLAN
  • 4. ž Causes 99% high CPU in the Line Card where the attack comes from ž VPLS CPU protection in Brocade is not protecting ž The unknown unicast limit threshold in Brocade is not protecting ž The 99% CPU causes packet losses to/ from the participants that reside in same Line Card with the attacker
  • 5. ž Drops the unknown unicast packets in hardware ž Tested successfully can reduce the 99% CPU down to 1%!! ž Record down any packets that are denied by incoming L2 access list to syslog ž This will fasten the troubleshooting during BUM attack
  • 6.
  • 7. ž Helps to identify the source of BUM attack ž Shows the source attack port and the related source and destination MAC address ž The logging can be very noisy •  Cisco devices send the periodic L2 related packets to the specified destination MAC address •  These packets are categorized as unknown unicast since the destination MAC address is not owned by any participants in the same VPLS VLAN
  • 8.
  • 9.
  • 10. ž We still able to drop unknown unicast packets in hardware without enabling logging to syslog ž We just need to remove the deny any any statement at the end of the access-list ž We need to use other monitoring tools like MRTG, INMON, or others to identify the source of BUM attacks