Above the access layer, most networking equipment have their architecture divided into two main components – the forwarding plane and the control plane. Understandably, the forwarding plane looks up the next-hop and forwards packets with customized hardware ASICs or highly optimized software algorithms.

The control plane however, is a different thing altogether. Charged with the responsibility of processing routing information and managing the network management processes and protocols such as SNMP and ICMP, the control plane delegates as much packet routing functionality as possible to the forwarding plane and should be kept free of unnecessary traffic.

However Denial of Services (DoS) attacks on network infrastructure are sometimes directed at the control plane due to the inherent CPU intensive nature of the processes running on the control plane. This makes it important to implement some form of policing on traffic that is directed to the control plane.

Cisco’s implementation of this is similar to the Modular QoS CLI (MQC) that allows you to define and apply QoS policies on a per interface basis. More info here:  Control Plane Policing – ( cisco.com )

Related posts:

1. BGP Man in the Middle Attacks
2. Community DNS
3. Serious Broadband, Seriously Cool
4. Africa Online Kenya
5. Project RIS