You can configure dynamic link protection to allow protocol packets used to establish sessions to be preferentially sent to the CPU when the bandwidth is guaranteed.
As various network protocol packets exist on a network, protocol packets that require sessions to be established, such as BGP, IS-IS, and FTP protocol packets, need sufficient bandwidth for session establishment. In the case of insufficient bandwidth, packets used to establish sessions are dropped, causing the protocol sessions not to be established. When the dynamic link protection function is enabled, after a protocol session is established, sufficient bandwidth can be allocated to ensure uninterrupted protocol sessions.
In VS mode, this feature is supported only by the admin VS.
The system view is displayed.
The attack defense policy view is displayed.
The dynamic link protection function is enabled.
The configuration is committed.
After configuring interface-based CAR, check the configurations.
Run the display cpu-defend policy policy-number command to view information about the user-defined attack defense policy.