This topic describes how to use policing and the scavenger class to protect the data plane.
Data Plane policing is the actual policing of data traffic. Understanding what is a normal profile behavior for users and servers and what is not is key in setting up policers to remark and drop packets. Out-of-profile behavior could be categorized by the increase in data traffic as a worm is being propagated over the enterprise network. Normal profile behavior could be what is expected from end-user traffic as well as server traffic.
Understanding what is a normal traffic flow within your network allows you to define a policing strategy that can mitigate any negative impact that out-of-profile flows can have on the network.
Data plane policing allows data traffic to flow, thereby providing high network availability. A key benefit to deploying data plane policing is that it augments network security so that in the event of a DoS worm attack, out-of-profile traffic can be remarked and placed into a Scavenger class, policed aggressively, and dropped.
Was this article helpful?