Cisco Network Foundation Protection (NFP) framework
Network Foundation Protection (NFP) is a framework designed by Cisco to logically group functions that occur on a network. The framework combines a number of security techniques to secure routers and switches and ensure the availability of the network even when it is under attack. It is broken down into three basic sections (planes):
- Management plane – the protocols and traffic that a network administrator uses to configure network devices from his computer. An example of management plane traffic is the SSH or Telnet data generated by a network administrator when a Cisco IOS device is configured remotely. If a failure occurs in this plane, the ability to remotely manage a network device might be lost.
- Control plane – the protocols and traffic that the network devices send between each other (without interaction from an administrator) for automatic network discovery and configuration. Examples of such traffic are ARP messages or routing protocol updates. If a failure occurs in this plane, the devices might lose the ability to share or learn routing information.
- Data plane – the end-user traffic. This is the traffic that goes through your network and is not addressed to a network device itself, for example the traffic generated when a user in your network browses a website. If a failure occurs in this plane, the user might be prevented from completing his work.
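
The sketch below sorts flow records into the three planes described above. It is an added example, not Cisco code. The device addresses, the record layout and the sample flows are constructed for illustration, and BGP, OSPF, EIGRP and RIP are used as routing protocols beyond the examples the text names.

```python
import ipaddress
from collections import Counter

# Assumed for this example: the router's own interface addresses.
DEVICE_ADDRS = {ipaddress.ip_address("192.0.2.1"), ipaddress.ip_address("10.0.0.1")}
LOCAL_MCAST = ipaddress.ip_network("224.0.0.0/24")  # link-local multicast, e.g. OSPF hellos
MGMT_TCP_PORTS = {22, 23}                           # SSH, Telnet
ROUTING_IP_PROTOS = {"ospf", "eigrp"}               # routing protocols carried directly in IP
ROUTING_PORTS = {("tcp", 179), ("udp", 520)}        # BGP, RIP

def classify(flow):
    """Return the plane for one flow record (a dict with proto, dst, dport)."""
    proto = flow["proto"].lower()
    if proto == "arp":
        return "control"  # ARP is never routed; the device answers it itself
    dst = ipaddress.ip_address(flow["dst"])
    if dst not in DEVICE_ADDRS and dst not in LOCAL_MCAST:
        return "data"     # transit traffic: through the device, not to it
    port = flow.get("dport")
    if proto == "tcp" and port in MGMT_TCP_PORTS:
        return "management"
    if proto in ROUTING_IP_PROTOS or (proto, port) in ROUTING_PORTS:
        return "control"
    # Addressed to the device but in neither list: flag it for review
    # instead of guessing a plane.
    return "unclassified"

# Constructed sample flows (documentation address ranges).
SAMPLE_FLOWS = [
    {"proto": "tcp", "dst": "192.0.2.1", "dport": 22},      # admin SSH to the router
    {"proto": "ospf", "dst": "224.0.0.5"},                  # OSPF hello from a neighbor
    {"proto": "tcp", "dst": "10.0.0.1", "dport": 179},      # BGP session to the router
    {"proto": "arp"},                                       # ARP request on a LAN segment
    {"proto": "tcp", "dst": "203.0.113.80", "dport": 443},  # user browsing a website
    {"proto": "tcp", "dst": "198.51.100.20", "dport": 22},  # SSH to a server behind the router
    {"proto": "icmp", "dst": "192.0.2.1"},                  # ping aimed at the router
]

def summarize(flows):
    """Count flows per plane."""
    return Counter(classify(f) for f in flows)

if __name__ == "__main__":
    for plane, count in sorted(summarize(SAMPLE_FLOWS).items()):
        print(f"{plane}: {count}")
```

The SSH session to 198.51.100.20 is classified as data plane: the destination decides the plane, not the protocol, so SSH counts as management traffic only when it is addressed to the device itself.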