Menu

Poland

GRANDMETRIC Sp. z o.o.
ul. Metalowa 5, 60-118 Poznań, Poland
NIP 7792433527
+48 61 271 04 43
info@grandmetric.com

Sweden

Drottninggatan 86
111 36 Stockholm
+46 762 041 514
info@grandmetric.com

UK

Grandmetric LTD
Office 584b
182-184 High Street North
London
E6 2JA
+44 20 3321 5276
info@grandmetric.com

US Region

Grandmetric LLC
Lewes DE 19958
16192 Coastal Hwy USA
EIN: 98-1615498
+1 302 691 94 10
info@grandmetric.com

  • en
  • pl
  • se
  • Control Plane Protection – part 1, trivial attack.

    Control Plane Protection – part 1, trivial attack.

    Date: 02.05.2016

    Author:


    How many of you use the control plane protection features given by the vendor with the benefit of inventory? From what I see mostly, it is a very rare practice to use CoPP. Most of the network engineers haven’t even heard of it. “Because my network performs well, why should I care about control plane protection?” I need to start with a few words about what a control plane (CP) is.

    CP is the area of device logic responsible for taking decisions, processing protocols (routing, switching), respond to requests (i.e. icmp echo reply), shortly CP is like the brain of the device (you can also think of CP as CPU – in some reason this makes sense). As now it is becoming clear, we have something important to lose when CP is not properly protected.

    I will give you a quick example. Having high-end well known platform Catalyst 6509 of Cisco as the stable core of the network and any other device / pc which can generate ICMP packets, I will show you how quickly the core can become weak and unstable.

    Let’s craft ICMP packet by sending a large PING (ICMP echo 8 0) (an attack similar to “Ping of Death” some say)

    Dev1# ping 10.197.255.1 repeat 10000 time 1 size 12000

    Observe then our high-end platform CPU usage:

    CORE1#sh processes cpu history
    
    
    Control Plane CoPP Attacking Network
    Control Plane CoPP Attacking Network
    Protect the Control Plane

    Just look at that, we cause the CORE platform to utilize the CPU up to 97% sending only 12000 size PING packet. Now you can imagine what if the CORE would handle multiple BGP sessions, OSPF sessions or perform other CPU related functions simultaneously?

    Note! In the next article, namely “Protect the Control Plane – part 2, CoPP.” I’m showing how to quickly prevent the cause of potential network and services damage.

    Author

    Grandmetric

    Grandmetric is an IT Next Generation Systems integration company helping clients with their IT transformation, infrastructure automation, LAN, WiFi, SD-WAN & SDN delivery. Fast growing Grandmetric team is becoming also a referal point in Cloud migrations and DC Stack management with their Storage, OS and virtualization experience. Grandmetric provides technical insights along with technical trainings in areas of expertise. Latest projects cover also IoT subjects R&D in the area of IoT backend development, big data analysis and monitoring. Based on above experience in production systems maintenance, new division – Grandmetric Managed Services (GMS) maintaining IT infrastructure of corporates & globally present customers is available for demanding IT environments.

    1 Comment

    Leave a Reply

    Your email address will not be published. Required fields are marked *


    Grandmetric