The present invention relates generally to data communications. More particularly, the present invention relates to processor traffic segregation for network switching and routing.
In conventional managed network devices such as network switches and routers, the processor is generally accessed in the same manner as other ports in the device. While this approach has merit, it exposes the processor to denial-of-service (DoS) attacks, for example by flooding the processor with address resolution protocol (ARP) packets and the like so that the processor is too busy to handle routine user traffic. Such DoS generally require a technician to visit the afflicted network device to diagnose the problem, incurring substantial cost and delay in the process.