Overview of Device Security

This section describes device security, its purpose, and its advantages.


To ensure its security, the device categorizes packets sent from the interface boards to the CPU on the main control board according to the protocol granularity and then filters out attack packets using features, such as local Unicast Reverse Path Forwarding (URPF), TCP/IP attack defense, application layer association, management and service plane protection, Generalized TTL Security Mechanism (GTSM), and dynamic link protection. This way, the device protects the services for which connections have been established. In addition, the device drops malformed packets, spoofing packets, and service packets that are not originated at the network processor (NP), to prevent unnecessary packet processing on the CPU and improve device security.

The device supports the following security features:

  • Application layer association

  • Management plane protection

  • TCP/IP attack defense

  • URPF
  • Attack source tracing

  • Dynamic link protection

  • GTSM

  • TM Multi-Level scheduling

  • CP-CAR and Host-CAR

  • Whitelist, blacklist, and customer-defined flows

  • Alarm


Devices that connect to the Internet are vulnerable to attacks. Therefore, devices must analyze attack packets in real time to eliminate threats, filter out attack packets, and trace attack sources to prevent repeated attacks. Device security ensures device stability, which enables the uninterrupted provision of services and improves user experience. Devices may face the following threats:
  • Unauthorized users remotely accessing NetEngine 8000 Fs.

  • Malicious users exploiting TCP/IP vulnerabilities to attack the NetEngine 8000 F protocol stacks.

  • Large numbers of packets flooding the upstream channel of NetEngine 8000 Fs.

  • Denial of Service (DoS) attacks consuming CPU and system memory resources.

  • Forged source IP addresses spoofing NetEngine 8000 Fs, which wastes forwarding entries and CPU resources.


Device security offers the following benefits:

Services are not affected in case of attacks on the device, the device can work stably, and the quality of service (QoS) is guaranteed.

Service reliability is enhanced.

Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
Next topic >