Schedule a free product or technology session with Grandmetric Engineer
schedule a video call

Blog

IP and Mobile Trends and Education

 

Protect the Control Plane – part 1, trivial attack.

Author:


02.05.2016

How many of you use the control plane protection features given by vendor with the benefit of inventory? From what I see mostly, is very very rare practice to use CoPP. Most of network people haven’t even heard of it. “Because my network performs well, why should I protect control plane?” I need to start with few words about what control plane (CP) is. CP is the area of device logic responsible for taking decisions, process protocols (routing, switching), responds to requests (i.e. icmp echo reply), shortly CP is like brain of the device (you can also think of CP as CPU – in some reason this makes sense). As now it is becoming clear, we have something important to loose when CP is not properly protected. I will give you quick example. Having high end well known platform Catalyst 6509 of Cisco as stable core of network and any other device / pc which can generate icmp packets, I will shou you how quickly the core can become weak and unstable.

Let’s craft ICMP packet by sending large PING (ICMP echo 8 0) (attack similar to “Ping of Death” some say)

Dev1# ping 10.197.255.1 repeat 10000 time 1 size 12000

Observe then our high end platform CPU usage:

CORE1#sh processes cpu history

Protect the Control Plane

Just look at that, we cause the CORE platform to utilize the CPU up to 97% sending only 12000 size PING packet. Now you can imagine what if the CORE would handle multiple BGP sessions, OSPF sessions or perform other CPU related functions simultaneously?

Note! In the next article, namely “Protect the Control Plane – part 2, CoPP.” I’m showing how to quickly prevent the cause of potential network and services damage.

Author

Grandmetric

Grandmetric is an IT Next Generation Systems integration company helping clients with their IT transformation, infrastructure automation, LAN, WiFi, SD-WAN & SDN delivery. Fast growing Grandmetric team is becoming also a referal point in Cloud migrations and DC Stack management with their Storage, OS and virtualization experience. Grandmetric provides technical insights along with technical trainings in areas of expertise. Latest projects cover also IoT subjects R&D in the area of IoT backend development, big data analysis and monitoring. Based on above experience in production systems maintenance, new division – Grandmetric Managed Services (GMS) maintaining IT infrastructure of corporates & globally present customers is available for demanding IT environments.

1 Comment

Leave a Reply

Your email address will not be published. Required fields are marked *

*

code


 

Newsletter