Netgear XSM4348CS Product Data Sheet - Page 11



Advanced OSPF implementation for large routing domains
  • OSPF NSSA feature supports RFC 3101, The OSPF Not-So-Stubby Area (NSSA) Option
  • Forwarding of OSPF Opaque LSAs is enabled by default
  • Passive interface feature can disable sending OSPF routing updates on an interface
  • Static Area Range Costs feature allows configuring a fixed OSPF cost that is always advertised when an area range is active
  • OSPF Equal Cost Multipath (ECMP) feature allows forwarding traffic through multiple paths, taking advantage of more bandwidth
  • ECMP routes can be learned dynamically, or configured statically with multiple static routes to the same destination but with different next hops
  • OSPF Max Metric feature allows overriding the metric in summary type 3 and type 4 LSAs while in stub router mode
  • Automatic Exiting of Stub Router Mode feature allows exiting stub router mode, reoriginating the router LSA with proper metric values on transit links

OSPF LSA Pacing feature improves the efficiency of LSA flooding, reducing or eliminating the packet drops caused by bursts in OSPF control packets
  • LSA transmit pacing limits the rate of LS Update packets that OSPF can send
  • With LSA refresh groups, OSPF efficiently bundles LSAs into LS Update packets when periodically refreshing self-originated LSAs

OSPF Flood Blocking feature allows disabling LSA flooding on an interface with area or AS (domain-wide) scope
  • In that case, OSPF does not advertise any LSAs with area or AS scope in its database description packets sent to neighbors

OSPF Transit-Only Network Hiding is supported based on RFC 6860, with a transit-only network defined as a network connecting only routers
  • Transit-only networks are usually configured with routable IP addresses, which are advertised in LSAs but are not needed for data traffic
  • If router-to-router subnets are advertised, remote attacks can be launched against routers by sending packets to these transit-only networks
  • Hiding transit-only networks speeds up network convergence and reduces vulnerability to remote attacks
  • 'Hiding' implies that the prefixes are not installed in the routing tables on OSPFv2 and OSPFv3 routers

IP Multinetting allows configuring more than one IP address on a network interface (other vendors may call it IP Aliasing or Secondary Addressing)

ICMP Throttling feature adds configuration options for the transmission of various types of ICMP messages
  • ICMP Redirects can be used by a malicious sender to perform man-in-the-middle attacks, to divert packets to a malicious monitor, or to cause Denial of Service (DoS) by blackholing the packets
  • ICMP Echo Requests and other messages can be used to probe for vulnerable hosts or routers
  • Rate limiting ICMP error messages protects the local router and the network from sending a large number of messages that take CPU and bandwidth

The Policy Based Routing (PBR) feature overrides the routing decision taken by the router and makes packets follow different actions based on a policy
  • It provides freedom over packet routing/forwarding instead of leaving the control to standard routing protocols based on L3
  • For instance, some organizations would like to dictate paths instead of following the paths shown by routing protocols
  • Network Managers/Administrators can set up policies such as:
    -- My network will not carry traffic from the Engineering department
    -- Traffic originating within my network with the following characteristics will take path A, while other traffic will take path B
    -- When load sharing needs to be done for the incoming traffic across multiple paths based on packet entities in the incoming traffic

Enterprise security

Traffic control MAC Filter and Port Security help restrict the traffic allowed into and out of specified ports or interfaces in the system in order to increase overall security and block MAC address flooding issues

DHCP Snooping monitors DHCP traffic between DHCP clients and DHCP servers to filter harmful DHCP messages, and builds a bindings database of (MAC address, IP address, VLAN ID, port) tuples that are considered authorized in order to prevent DHCP server spoofing attacks
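
The DHCP Snooping behaviour described above can be modelled in a few lines. This is an added illustration, not NETGEAR firmware or code from the data sheet; it assumes the usual trusted/untrusted port model (which the data sheet does not spell out), and the port names, MAC address and IP addresses are constructed sample values.

```python
from collections import namedtuple

SERVER_TYPES = {"OFFER", "ACK", "NAK"}  # message types only a DHCP server sends
# The (MAC address, IP address, VLAN ID, port) tuple named in the data sheet.
Binding = namedtuple("Binding", "mac ip vlan port")

class DhcpSnooper:
    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)  # assumption: ports facing the real server
        self.pending = {}    # (mac, vlan) -> port where the client request was seen
        self.bindings = {}   # (mac, vlan) -> Binding learned from a trusted ACK

    def handle(self, msg):
        """Return 'forward' or 'drop' for one snooped DHCP message."""
        key = (msg["chaddr"], msg["vlan"])
        if msg["type"] in SERVER_TYPES:
            if msg["port"] not in self.trusted:
                return "drop"  # server reply on an untrusted port: spoofed server
            if msg["type"] == "ACK" and key in self.pending:
                self.bindings[key] = Binding(msg["chaddr"], msg["yiaddr"],
                                             msg["vlan"], self.pending.pop(key))
            return "forward"
        if msg["type"] in ("RELEASE", "DECLINE"):
            bound = self.bindings.get(key)
            if bound is None or bound.port != msg["port"]:
                return "drop"  # lease given up from a port that does not own it
            del self.bindings[key]
            return "forward"
        self.pending[key] = msg["port"]  # DISCOVER / REQUEST from a client
        return "forward"

# Constructed sample: client on 1/0/5, rogue host on 1/0/7, server uplink 1/0/48.
CLIENT = "aa:bb:cc:00:00:01"

def msg(kind, port, yiaddr=None):
    return {"type": kind, "port": port, "vlan": 10, "chaddr": CLIENT, "yiaddr": yiaddr}

SAMPLE = [
    msg("DISCOVER", "1/0/5"),
    msg("OFFER", "1/0/7", "192.0.2.66"),   # rogue server answers first
    msg("OFFER", "1/0/48", "192.0.2.50"),
    msg("REQUEST", "1/0/5"),
    msg("ACK", "1/0/7", "192.0.2.66"),     # rogue ACK
    msg("ACK", "1/0/48", "192.0.2.50"),
    msg("RELEASE", "1/0/7"),               # rogue tries to release the client's lease
]

def run_sample():
    switch = DhcpSnooper(trusted_ports={"1/0/48"})
    verdicts = [switch.handle(m) for m in SAMPLE]
    return verdicts, switch.bindings
```

Only the ACK arriving on the trusted uplink creates a binding, and that binding records the port where the client's own request was seen, not the port the reply came from.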

ProSAFE® Intelligent Edge Managed Switches Data Sheet, M4300 series, page 11 of 49