Control Plane Policing
Related Topics
Control Plane Policing
The Cisco NX-OS device provides control plane policing to prevent denial-of-service (DoS) attacks from
impacting performance. The supervisor module of the Cisco NX-OS device has both the management plane
and control plane and is critical to the operation of the network. Any disruption to the supervisor module
would result in serious network outages. Excessive traffic to the supervisor module could overload it and slow
down the performance of the entire Cisco NX-OS device. Attacks on the supervisor module can be of various
types such as, denial-of-service (DoS) attacks that generate IP traffic streams to the control plane at a very
high rate. These attacks result in the control plane spending a large amount of time in handling these packets,
which makes the control plane unable to process genuine traffic.
Related Topics
Rate Limits
Rate limits can prevent redirected packets for egress exceptions from overwhelming the supervisor module
on a Cisco NX-OS device.
Related Topics
Software Image
The Cisco NX-OS software consists of one NXOS software image (for example, n9000-dk9.6.1.2.I1.1.bin).
This image runs on all Cisco Nexus 9000 Series switches.
Virtual Device Contexts
Cisco NX-OS can segment operating system and hardware resources into virtual device contexts (VDCs) that
emulate virtual devices. The Cisco Nexus 9000 Series switches currently do not support multiple VDCs. All
switch resources are managed in the default VDC.
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
8
Configuring Traffic Storm Control
Configuring Control Plane Policing
Configuring Rate Limits
Overview