Skip to main content

Protecting The Router Control Plane

Document Type Replaced Internet-Draft (individual)
Expired & archived
Authors David Dugal , Carlos Pignataro , Rodney Dunn
Last updated 2010-07-06 (Latest revision 2010-02-23)
Replaced by RFC 6192
RFC stream (None)
Intended RFC status (None)
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Replaced by draft-ietf-opsec-protect-control-plane
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


This memo provides a method for protecting a router's control plane from undesired or malicious traffic. In this approach, all legitimate control plane traffic is identifed. Once legitimate traffic has been identified, a filter is deployed on the router's forwarding plane. That filter prevents traffic not specifically identified as legitimate from reaching the router's control plane.


David Dugal
Carlos Pignataro
Rodney Dunn

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)