Whitelist: list of valid users or priority users
Blacklist: list of invalid users
Customer-defined flows: attack-defense ACL rules defined by the customer
For certain types of packets, you need to know which ones are trusted packets and which are attack packets. Then, through manual configuration you can enable trusted packets to be sent at high priority and attack packets to be dropped.
Upon receiving a packet that matches the whitelist of the ACL, the forwarding engine gives the packet a high priority and sends it at a high rate.
Upon receiving a packet that matches the blacklist of the ACL, the forwarding engine gives the packet a low priority or discards it.
Upon receiving a packet that matches the customer-defined flow of the ACL, the forwarding engine gives the packet the configured priority and sends it at the configured rate.
You can adjust the matching sequence through commands. The default sequence is whitelist, blacklist, and customer-defined flow.
Use commands to bind a blacklist, whitelist, and customer-defined flow to the ACL. Then, the device delivers ACL rules and actions. The sequence of delivering ACL rules and actions must be the same as the matching sequence of the whitelist, blacklist, and customer-defined flow.
Upon receiving a packet, the forwarding engine matches the packet with the ACL. Then, the forwarding engine gives a priority to the packet and sends it at a CAR according to the particular action of the matching ACL rule.