Chapter 13. Control Plane Policing

As explained in Chapter 12, “Introduction to Denial of Service Attacks,” the control plane is the most critical plane on a switch; a successful attack against it can potentially cause the most damage.

To mitigate attacks against the control plane, control plane policing (CoPP) was introduced. The idea is to inspect traffic destined to the control plane, to control what should be allowed, and to control how much of that traffic to accept.

CoPP offers an advantage over traditional access control lists (ACLs) applied at the port level: it can specify which kinds of flows are allowed and, at the same time, ensure that they do not overwhelm the CPU.
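The "what is allowed" and "how much of it" split described above, shown as a CoPP configuration in Cisco IOS modular QoS syntax. This is an added example, not a listing from the book; the class names, the 192.0.2.0/24 management subnet and every rate are assumptions, and policer options vary by platform.

```cisco
! Constructed example: names, addresses and rates are assumptions.
! Step 1: classify traffic destined to the control plane (what is allowed).
ip access-list extended COPP-ACL-ROUTING
 permit ospf any any
ip access-list extended COPP-ACL-MGMT
 permit tcp 192.0.2.0 0.0.0.255 any eq 22
 permit udp 192.0.2.0 0.0.0.255 any eq snmp
ip access-list extended COPP-ACL-ICMP
 permit icmp any any echo
 permit icmp any any echo-reply
!
class-map match-all COPP-ROUTING
 match access-group name COPP-ACL-ROUTING
class-map match-all COPP-MGMT
 match access-group name COPP-ACL-MGMT
class-map match-all COPP-ICMP
 match access-group name COPP-ACL-ICMP
!
! Step 2: set how much of each class the CPU accepts (rate in bps, burst in bytes).
! Routing traffic is measured but never dropped, so adjacencies survive a flood.
! class-default catches everything not classified above and is tightly limited.
policy-map COPP-POLICY
 class COPP-ROUTING
  police 1000000 31250 conform-action transmit exceed-action transmit
 class COPP-MGMT
  police 256000 8000 conform-action transmit exceed-action drop
 class COPP-ICMP
  police 64000 2000 conform-action transmit exceed-action drop
 class class-default
  police 32000 1500 conform-action transmit exceed-action drop
!
! Step 3: attach the policy to the control plane itself, not to a port.
control-plane
 service-policy input COPP-POLICY
```

The per-class conform and exceed counters in `show policy-map control-plane` show which class is being policed, which helps both in tuning the rates against normal traffic and in spotting a flood aimed at the CPU.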

An added benefit is that it is possible to implement ...

Get LAN Switch Security: What Hackers Know About Your Switches now with the O’Reilly learning platform.
