Using Flow Setup Throttling in Your Network

Flow Setup Throttling (FST) is a proactive feature designed to mitigate zero-day threats and Denial of Service (DoS) attacks before they can wreak havoc on the network. FST directly combats the effects of zero-day and DoS attacks by limiting the number of new or established flows that can be programmed on any individual switch port. This feature, combined with other Extreme Networks security solutions, can slow down and even stop viruses before the available network bandwidth is saturated. This is achieved by monitoring the new flow arrival rate and controlling the maximum number of allowable flows. The FST processes are defined and administered by means of the enterasys-flow-limiting-mib.

FST lets you define port behaviors using a set of up to 10 port classification types. Each port classification type is configured with a low-limit and a high-limit flow threshold. When the number of active flows on a port reaches a threshold, the action associated with that threshold is taken. Actions include sending SNMP traps, dropping flows that exceed a threshold, and disabling interfaces.
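The threshold behavior described above can be modeled in a few lines. The following Python sketch is an added illustration, not Extreme Networks code or switch configuration; the class names, limits, action labels ("trap", "drop", "disable") and the sample burst are constructed, and the assumption that a disabled port loses its active flows is ours.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class PortClass:
    """One port classification type with its two thresholds (assumed model)."""
    name: str
    low_limit: int
    low_actions: tuple    # any of "trap", "drop", "disable"
    high_limit: int
    high_actions: tuple

    def thresholds(self):
        return (("low", self.low_limit, self.low_actions),
                ("high", self.high_limit, self.high_actions))

@dataclass
class Port:
    pclass: PortClass
    enabled: bool = True
    active: set = field(default_factory=set)
    events: list = field(default_factory=list)

    def new_flow(self, flow):
        """Return True if the flow is programmed, False if it is refused."""
        if not self.enabled:
            return False
        if flow in self.active:
            return True                       # existing flow, no new setup
        count = len(self.active) + 1
        # "drop": refuse any flow that would exceed a threshold
        if any("drop" in acts and count > limit
               for _, limit, acts in self.pclass.thresholds()):
            return False
        self.active.add(flow)
        for label, limit, acts in self.pclass.thresholds():
            if count == limit:                # threshold reached
                if "trap" in acts:
                    self.events.append(f"{label}:trap")
                if "disable" in acts:
                    self.enabled = False      # interface shut down
                    self.active.clear()       # assumption: flows are torn down
                    self.events.append(f"{label}:disable")
        return True

def simulate(pclass, flows):
    """Offer flows to a fresh port; return (programmed, refused, events)."""
    port = Port(pclass)
    results = [port.new_flow(f) for f in flows]
    return results.count(True), results.count(False), port.events

# Constructed sample: one host opening 10 distinct flows in a burst.
BURST = [("10.0.0.5", "10.0.1.%d" % i, 445) for i in range(10)]
USER = PortClass("user", 4, ("trap",), 6, ("trap", "drop"))
GUARD = PortClass("guard", 4, ("trap",), 6, ("trap", "disable"))
```

With the "user" class the burst is capped at six programmed flows and raises a trap at each threshold; with the "guard" class the port is disabled when the high limit is reached.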