Restrictions For Implementing Management Plane Protection; Information About Implementing Management Plane Protection; Inband Management Interface; Control Plane Protection Overview - Cisco IOS XR Configuration Manual

Restrictions for Implementing Management Plane Protection

Restrictions for Implementing Management Plane Protection
Out-of-band configurations, which configure an interface to allow only management traffic, are not
supported for this release.

Information About Implementing Management Plane Protection

Before you enable the Management Plane Protection feature, you should understand the following
concepts:
•
•
•
•
•

Inband Management Interface

An inband management interface is a Cisco IOS XR physical or logical interface that processes
management packets as well as data-forwarding packets. An inband management interface is also called
a shared management interface.

Control Plane Protection Overview

A control plane is a collection of processes that run at the process level on a route processor and
collectively provide high-level control for most Cisco IOS XR software functions. All traffic directly or
indirectly destined to a router is handled by the control plane.
Control Plane Policing (CoPP) is a Cisco IOS XR control-plane feature that offers rate limiting of all
control-plane traffic. CoPP allows you to configure a quality of service (QoS) filter that manages the
traffic flow of control plane packets. This QoS filter helps to protect the control plane of Cisco IOS XR
routers and switches against denial-of-service (DoS) attacks and helps to maintain packet forwarding
and protocol states during an attack or during heavy traffic loads.
Control Plane Protection is a framework that encompasses all policing and protection features in the
control plane. The Control Plane Protection feature extends the policing functionality of the CoPP
feature by allowing finer policing granularity. Control Plane Protection also includes a traffic classifier,
which intercepts control-plane traffic and classifies it in control-plane categories. Management Plane
Protection operates within the Control Plane Protection infrastructure.

Management Plane

The management plane is the logical path of all traffic that is related to the management of a routing
platform. One of three planes in a communication architecture that is structured in layers and planes, the
management plane performs management functions for a network and coordinates functions among all
the planes (management, control, and data). In addition, the management plane is used to manage a
device through its connection to the network.
Cisco IOS XR System Security Configuration Guide
SC-228
Inband Management Interface, page SC-228
Control Plane Protection Overview, page SC-228
Management Plane, page SC-228
Management Plane Protection Feature, page SC-229
Benefits of the Management Plane Protection Feature, page SC-229
Implementing Management Plane Protection on Cisco IOS XR Software