CPM-Filters are used to restrict (or in combination with cpm-queues, rate limit) traffic destined to the CPU on the SF/CPM including routing protocols. These filters are implemented in TiMOS/SR-OS such that packets exit on first match to perform the associated action. It is critical that filter entries be properly sequenced from most to least explicit. The CPM filters are dedicated ACL-like filters that act only on control traffic this is extracted from the data plane and sent to the CPM for processing.
Consult the TiMOS/SR-OS Security Best Practices Guide for more information on this topic. The TiMOS/SR-OS Security Best Practices Guide is available from the Nokia/Alcatel-Lucent Customer Support Portal at https://support.alcatel-lucent.com/portal/web/support.
This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system Alcatel.