Control Plane Protections

3 types of sub-interfaces

1) Control-plane host sub-interface

2) Control-plane transit sub-interface

3) Control-plane cef-exception sub-interface

1) Control-plane host sub-interface

directly destined for 1 of router's interface
Example,

• tunnel termination traffic
• Management protocols (SSH, SNMP, etc)
• Routing protocols (BGP, OSPF, EIGRP, etc)

* Non-IP based Layer 2 protocols (ARP, CDP, etc) is classified in CEF-execption sub-interface.

** The port-filter feature policy can be applied only to the control-plane host subinterface

2) Control-plane transit sub-interface

software switched by the Route Processor (RP). traffic which is not destined to the router itself, but traversing traffic.

3) Control-plane CEF-exception sub-interface

This control-plane subinterface receives all traffic that is either redirected as a result of a configured input feature in the CEF packet forwarding path for process switching or directly enqueued in the control plane input queue by the interface driver (i.e. ARP, L2 Keepalives and all non-IP host traffic). Control Plane Protection allows specific aggregate policing of this type of control plane traffic.