Fortinet, Inc.
MITIGATING EFFECTS OF FLOODING ATTACKS ON A FORWARDING DATABASE
Abstract:
Systems and methods are provided for mitigating the effects of source-MAC flooding attacks on a forwarding database (FDB) that maps MAC addresses to EMACVLAN sub-interfaces of a physical Ethernet interface. A VDOM operating in transparent mode receives an ingress packet from an internal switch running on the virtualized network device via the sub-interface. When no entry with a MAC address matching the source MAC address of the ingress packet exists in the FDB, an entry containing the source MAC address and information regarding the sub-interface is created in the FDB, and the entry is queued for confirmation at the tail of an ephemeral queue. When the total number of entries in the FDB reaches a predetermined threshold, the unconfirmed entry at the head of the ephemeral queue is removed from the FDB. When an entry is recognized as a confirmed entry, it is retained in the FDB and unlinked from the ephemeral queue.
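The mechanism in the abstract can be modelled in a few lines. This is an added example, not code from the patent or from Fortinet; the class and method names, the sub-interface labels and the MAC addresses are constructed, and the event that confirms an entry is left to the caller because the abstract does not define it.

```python
from collections import OrderedDict

class FloodTolerantFdb:
    """Hypothetical model: FDB plus an ephemeral queue of unconfirmed entries."""
    def __init__(self, threshold):
        self.threshold = threshold
        self.fdb = {}                     # MAC -> sub-interface
        self.ephemeral = OrderedDict()    # unconfirmed MACs, oldest at the head

    def learn(self, src_mac, subif):
        """Process an ingress source MAC; return the MAC evicted, if any."""
        if src_mac in self.fdb:
            return None                   # entry already exists, nothing to create
        self.fdb[src_mac] = subif
        self.ephemeral[src_mac] = None    # queue for confirmation at the tail
        if len(self.fdb) >= self.threshold:
            # Only unconfirmed entries are eviction candidates. If every older
            # entry is confirmed, the head is the entry that was just created.
            victim, _ = self.ephemeral.popitem(last=False)
            del self.fdb[victim]
            return victim
        return None

    def confirm(self, mac):
        """Assumed trigger: the caller decides when an entry counts as confirmed."""
        if mac in self.ephemeral:
            del self.ephemeral[mac]       # unlink from the queue, keep in the FDB
            return True
        return False

    def lookup(self, mac):
        return self.fdb.get(mac)

def simulate_flood(threshold=8, flood=1000):
    """Two confirmed hosts, then a burst of never-confirmed source MACs."""
    fdb = FloodTolerantFdb(threshold)
    for mac, subif in (("02:aa:00:00:00:01", "emac1"),
                       ("02:aa:00:00:00:02", "emac2")):
        fdb.learn(mac, subif)
        fdb.confirm(mac)
    evicted = 0
    for i in range(flood):                # constructed flood addresses
        mac = f"02:ff:00:00:{i >> 8:02x}:{i & 0xff:02x}"
        if fdb.learn(mac, "emac1") is not None:
            evicted += 1
    return fdb, evicted

if __name__ == "__main__":
    table, n = simulate_flood()
    print(len(table.fdb), "entries kept;", n, "unconfirmed entries evicted")
```

In this model the flood only recycles the unconfirmed slots below the threshold, so the two confirmed hosts keep their mappings however long the burst lasts.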
Utility
14 Jun 2018
19 Sep 2019