Fortinet, Inc.
Mitigating effects of flooding attacks on a forwarding database

Abstract:

Systems and methods for mitigating effects of source-Media Access Control (MAC) flooding attacks on a forwarding database (FDB) that maps MAC addresses to enhanced MAC Virtual Local Area Network (EMACVLAN) sub-interfaces of a physical Ethernet interface are provided. A Virtual Domain (VDOM) operating in transparent mode receives an ingress packet by an internal switch running on the virtualized network device via a sub-interface. When an entry, corresponding to a source MAC address of the ingress packet, does not exist in the FDB, an appropriate entry is created in the FDB and the entry is queued for confirmation at a tail of an ephemeral queue. When a total number of entries contained in the FDB reaches a predetermined threshold, an unconfirmed entry at a head of the queue is removed from the FDB. When the entry is confirmed, it is retained in the FDB and is unlinked from the queue.
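
The mechanism in the abstract, as an added Python sketch (not code from the patent or from Fortinet). Assumptions, since the abstract does not state them: what triggers `confirm()`, that the eviction check runs before the new entry is inserted, that a new MAC is not learned when the table is full and no unconfirmed entry remains, and the constructed MAC addresses and sub-interface names.

```python
from collections import OrderedDict


class ForwardingDatabase:
    """FDB mapping source MAC -> sub-interface, with an ephemeral queue of
    unconfirmed entries (hypothetical class, named for this example)."""

    def __init__(self, threshold):
        self.threshold = threshold        # the "predetermined threshold"
        self.entries = {}                 # MAC -> sub-interface name
        self.unconfirmed = OrderedDict()  # ephemeral queue, head = oldest entry

    def learn(self, src_mac, sub_if):
        """Process the source MAC of an ingress packet; return the evicted MAC or None."""
        if src_mac in self.entries:
            return None
        evicted = None
        if len(self.entries) >= self.threshold:
            if not self.unconfirmed:
                return None  # assumption: only confirmed entries left, do not learn
            evicted, _ = self.unconfirmed.popitem(last=False)  # head of the queue
            del self.entries[evicted]
        self.entries[src_mac] = sub_if
        self.unconfirmed[src_mac] = None  # queued for confirmation at the tail
        return evicted

    def confirm(self, mac):
        """Retain a confirmed entry in the FDB and unlink it from the queue."""
        if mac in self.unconfirmed:
            del self.unconfirmed[mac]
            return True
        return False


def simulate_flood(threshold=8, flood_size=1000):
    """Two confirmed hosts, then a burst of constructed spoofed source MACs."""
    fdb = ForwardingDatabase(threshold)
    hosts = {"00:11:22:00:00:01": "emacvlan1", "00:11:22:00:00:02": "emacvlan2"}
    for mac, sub_if in hosts.items():
        fdb.learn(mac, sub_if)
        fdb.confirm(mac)
    for i in range(flood_size):
        spoofed = "02:00:00:%02x:%02x:%02x" % ((i >> 16) & 0xFF, (i >> 8) & 0xFF, i & 0xFF)
        fdb.learn(spoofed, "emacvlan3")
    return fdb, hosts
```

After the simulated flood the table stays at the threshold, the two confirmed hosts keep their entries, and only the most recent unconfirmed MACs remain.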

Status:
Grant
Type:

Utility

Filing date:

14 Jun 2018

Issue date:

7 Jul 2020