Protecting The Router Control Plane

Document Type Replaced Internet-Draft (individual)
Last updated 2010-07-06 (latest revision 2010-02-23)
Replaced by draft-ietf-opsec-protect-control-plane
Stream (None)
Intended RFC status (None)
Expired & archived
plain text pdf html
Stream Stream state (No stream defined)
Document shepherd No shepherd assigned
IESG IESG state Replaced by draft-ietf-opsec-protect-control-plane
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This memo provides a method for protecting a router's control plane from undesired or malicious traffic. In this approach, all legitimate control plane traffic is identifed. Once legitimate traffic has been identified, a filter is deployed on the router's forwarding plane. That filter prevents traffic not specifically identified as legitimate from reaching the router's control plane.


David Dugal (
Carlos Pignataro (
Rodney Dunn (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)