Netgear XSM4348CS Product Data Sheet - Page 11
OSPF NSSA feature supports RFC 3101, The OSPF Not-So-Stubby Area NSSA Option
View all Netgear XSM4348CS manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 11 highlights
ProSAFE® Intelligent Edge Managed Switches Data Sheet M4300 series Advanced OSPF implementation for large routing domains • OSPF NSSA feature supports RFC 3101, The OSPF Not-So-Stubby Area (NSSA) Option • Forwarding of OSPF Opaque LSAs is enabled by default • Passive interface feature can disable sending OSPF routing updates on an interface • Static Area Range Costs feature allows to configure a fixed OSPF cost that is always advertised when an area range is active • OSPF Equal Cost Multipath (ECMP) feature allows to forward traffic through multiple paths, taking advantage of more bandwidth • ECMP routes can be learned dynamically, or configured statically with multiple static routes to same destination but with different next hops • OSPF Max Metric feature allows to to override the metric in summary type 3 and type 4 LSAs while in stub router mode • Automatic Exiting of Stub Router Mode feature allows to exit stub router mode, reoriginating the router LSA with proper metric values on transit links • Static Area Range Costs feature allows to configure a fixed OSPF cost that is always advertised when an area range is active OSPF LSA Pacing feature improves the efficiency of LSA flooding, reducing or eliminating the packet drops caused by bursts in OSPF control packets • LSA transmit pacing limits the rate of LS Update packets that OSPF can send • With LSA refresh groups, OSPF efficiently bundles LSAs into LS Update packets when periodically refreshing self-originated LSAs OSPF Flood Blocking feature allows to disable LSA flooding on an interface with area or AS (domainwide) scope • In that case, OSPF does not advertise any LSAs with area or AS scope in its database description packets sent to neighbors OSPF Transit-Only Network Hiding is supported based on RFC 6860 with transit-only network defined as a network connecting only routers • Transit-only networks are usually configured with routable IP addresses which are advertised in LSAs but are not needed for data traffic • If router-to-router subnets are advertised, remote attacks can be launched against routers by sending packets to these transit-only networks • Hiding transit-only networks speeds up network convergence and reduces vulnerability to remote attacks • 'Hiding' implies that the prefixes are not installed in the routing tables on OSPFv2 and OSPFv3 routers IP Multinetting allows to configure more than one IP address on a network interface (other vendors may call it IP Aliasing or Secondary Addressing) ICMP Throttling feature adds configuration options for • ICMP Redirects can be used by a malicious sender to perform man-in-the-middle attacks, or divert the transmission of various types of ICMP messages packets to a malicious monitor, or to cause Denial of Service (DoS) by blackholing the packets • ICMP Echo Requests and other messages can be used to probe for vulnerable hosts or routers • Rate limiting ICMP error messages protects the local router and the network from sending a large number of messages that take CPU and bandwidth The Policy Based Routing feature (PBR) overrides routing decision taken by the router and makes the packet to follow different actions based on a policy • It provides freedom over packet routing/forwarding instead of leaving the control to standard routing protocols based on L3 • For instance, some organizations would like to dictate paths instead of following the paths shown by routing protocols • Network Managers/Administrators can set up policies such as: --My network will not carry traffic from the Engineering department --Traffic originating within my network with the following characteristics will take path A, while other traffic will take path B --When load sharing needs to be done for the incoming traffic across multiple paths based on packet entities in the incoming traffic Enterprise security Traffic control MAC Filter and Port Security help restrict the traffic allowed into and out of specified ports or interfaces in the system in order to increase overall security and block MAC address flooding issues DHCP Snooping monitors DHCP traffic between DHCP clients and DHCP servers to filter harmful DHCP message and builds a bindings database of (MAC address, IP address, VLAN ID, port) tuples that are considered authorized in order to prevent DHCP server spoofing attacks Page 11 of 49