Data Plane Policing

This topic describes how to use policing and the scavenger class to protect the data plane.

Data Plane policing is the actual policing of data traffic. Understanding what is a normal profile behavior for users and servers and what is not is key in setting up policers to remark and drop packets. Out-of-profile behavior could be categorized by the increase in data traffic as a worm is being propagated over the enterprise network. Normal profile behavior could be what is expected from end-user traffic as well as server traffic.

Understanding what is a normal traffic flow within your network allows you to define a policing strategy that can mitigate any negative impact that out-of-profile flows can have on the network.

Data plane policing allows data traffic to flow, thereby providing high network availability. A key benefit to deploying data plane policing is that it augments network security so that in the event of a DoS worm attack, out-of-profile traffic can be remarked and placed into a Scavenger class, policed aggressively, and dropped.

Was this article helpful?

0 0

Post a comment