Note: ACK Flood defense principle: First, when the ACK packet rate exceeds the threshold, start session check: (If the cleaning device checks that the ACK packet does not hit the session, there are 2 processing modes, (strict mode - - The strict mode is recommended in the network where the route is deployed. If the cleaning device does not check the established session, the device discards the packet. The basic mode: When the bypass is deployed, the device is cleaned before the session is established. The session is not detected. In this case, the basic mode is recommended. That is, when the ACK packet rate exceeds the threshold for a period of time, the session check is started. The device first passes several ACK packets to establish a session. Check the session to determine whether to discard the packet. Second, if the cleaning device checks the ACK packet to hit the session, check the session creation reason). The second is that the load check is performed by the cleaning device to check the payload of the ACK packet. If the payloads are all consistent (if the payload content is all 1), the packet is discarded. The third is to check the reason for the session creation if the cleaning device checks that the ACK packet hits the session. The fourth is if the session is by SYN or SYN-

If the ACK packet is built, the packet is allowed to pass. If the session is created by another packet (for example, an ACK packet), the packet inspection result is checked. The packet with the correct sequence number is allowed to pass, and the incorrect packet is discarded. The payload check can be enabled only if "session check" is enabled, and the payload check is performed on the packets passed by the session check.