HP 3500yl, 5200zl manual

Page 52

Virus Throttle works by intercepting IP connection requests, that is, connections in which the source subnet and destination address are different. The Virus Throttle tracks the number of recently made connections. If a new, intercepted request is to a destination to which a connection was recently made, the request is processed as normal. If the request is to a destination that has not had a recent connection, the request is processed only if the number of recent connections is below a pre-set threshold. The threshold specifies how many connections are to be allowed over a set amount of time, thereby enforcing a connection rate limit. If the threshold is exceeded, because requests are coming in at an unusually high rate, it is taken as evidence of a virus. This causes the throttle to stop processing requests and, instead, to notify the system administrator.

This capability can be applied to most common Layer 4 through 7 session and application protocols, including TCP connections, UDP packets, SMTP, IMAP, Web Proxy, HTTP, SSL, and DNS— virtually any protocol where the normal traffic does not look like a virus spreading. For Virus Throttle to work, IP routing and multiple VLANs with member ports must first be configured.

Note that some protocols, such as NetBIOS and WINS, and some applications such as network management scanners, notification services, and p2p file sharing are not appropriate for Virus Throttle. These protocols and applications initiate a broad burst of network traffic that could be misinterpreted by the Virus Throttle technology as a threat.

On the HP ProCurve Switch 5400zl, 3500yl, and 6200yl series, Virus Throttle is implemented through connection-rate filtering. When connection-rate filtering is enabled on a port, the inbound routed traffic is monitored for a high rate of connection requests from any given host on the port. If a host appears to exhibit the worm-like behavior of attempting to establish a large number of outbound IP connections in a short period of time, the switch responds one the basis of how connection-rate filtering is configured.

52

Image 52

Contents HP ProCurve Switch 5400zl, 3500yl, and 6200yl Series Ospf Page Executive summary IntroductionProduct positioning OverviewHP ProCurve Switch 6200yl-24G-mGBIC HP ProCurve Switch 5400zl and 3500yl SeriesProVision Asic architecture Inside the ProVision Asic Architecture Classification and lookupPolicy Enforcement Engine Management subsystem Advanced capabilities of the product familyHP ProCurve Switch 5400zl Series ProCurve Switch 5400zl Chassis 5400zl chassis layoutHP ProCurve Switch 5406zl chassis layout Power supplies Power supply types System PoE powerFan tray Zl modules Management modulePower supply configurations HP ProCurve Switch 5400zl series line interface modules5406zl 5412zl Specifications Processor MemoryConsole port Auxiliary portPorts DescriptionMini-GBICs supported ordered separately Open mini-GBIC slots Transceivers supported ordered separately Maximum distanceHP ProCurve ONE Services zl Module J9289A Description HP ProCurve Radio Ports supported ordered separatelyHP ProCurve Switch 3500yl Series Page LED status indicators Additional line interface moduleHP ProCurve Switch 6200yl HP ProCurve Switch 6200yl-24G-mGBIC J8992A Security features Overview of features and benefitsPerformance Bandwidth shaping using QoS functionsConvergence Advanced classifier-based QoSLayer 2 switching Bridging protocolsRouting protocols IPv6Diagnostics ManagementFuture-proofing Low cost of ownershipStandards and protocols Device managementGeneral protocols IP MulticastMIBs Network managementCapacity and performance features comparison Performance and capacityQoS/Cos SecurityPer-port buffer sizes Optimizing the 10-GbE port configuration Page Throughput and latency performance data Gbps Gigabit performance traffic patterns HP ProCurve warranty and support Industry-leading warrantyAppendix a Premium License Intelligent Edge and Premium LicenseTask Manual Using Appendix B Policy Enforcement Engine Wire-speed performance for ACLs Policy Enforcement Engine benefitsGranular policy enforcement Hardware-based performanceAppendix C Power over Ethernet PoE device typesAdditional PoE power-external supplies Power delivery optionsPoE negotiation Appendix D PIM Sparse Mode Support for pre-802.3af standard powered devicesAppendix E LLDP-MED Appendix F Virus Throttle security Page Appendix G Vrrp Response optionsSensitivity Connection-rate ACLXrrp support on 5300xl switch Appendix H Ospf Equal Cost Multipath Appendix I Advanced Classifier-Based QoS Vlan IDAppendix J Server-to-Switch Distributed Trunking Limitations/RestrictionsLED status indicators for 5400zl series Appendix K TroubleshootingAn example of upstream traffic forwarding is as follows EPS LED LED status indicators for 3500yl and 6200yl series Temp On green Blinking orange Fan Status PoE Status Off Part numbers and Field Replaceable Units Part number ComponentPart number Component For more information