About Link Protection
With the increasing adoption of virtualization in system configurations,
guest virtual machines (VMs) can be given exclusive access to a physical or
virtual link by the host administrator. This configuration improves network
performance by allowing the virtual environment's network traffic to be isolated
from the wider traffic that is received or sent by the host system. At the
same time, this configuration can expose the system and the entire network
to the risk of harmful packets that a guest environment might generate.
Link protection aims to prevent the damage
that can be caused by potentially malicious guest VMs to the network. The
feature offers protection from the following basic threats:
IP, DHCP, and MAC spoofing
L2 frame spoofing such as Bridge Protocol Data Unit (BPDU)
Note - Link protection does not replace the deployment of a firewall,
particularly for configurations with complex filtering requirements.