Network devices are designed to interoperate with each other in networks to carry services. The network devices, and the network they form, may be susceptible to various types of attacks. Due to the variety of attack types and attack sources, and the complexity of the network, it is operationally difficult to protect against attacks. To protect the network and network devices, a number of features are configured manually, such as control plane protection, infrastructure access control lists, management plane protection, and rate limiting.
Securing the network is expensive. For example, a control plane policing configuration may include a complex, administrator-created configuration file with hundreds of components identifying network components and settings. To protect internal components of a network from external attacks, routing information may be used to classify internal and external traffic. External traffic to internal network devices is blocked. The classification may be established manually. IEEE 802.1X uses a protocol to apply a security policy that allows a device to connect to the network. However, the policy is constructed by and enforced using a centralized server. The result is manual configuration of several different approaches. As the network changes, these defense mechanisms usually need to be adapted, leading to even higher operational load.
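The routing-based classification described above, shown as an added example that is not part of the original text: a source address is classified by its longest matching route, and external traffic addressed to a network device is dropped. The route table, the origin labels (`igp`, `connected`, `ebgp`), the infrastructure prefix and the function names are all constructed assumptions.

```python
import ipaddress

# Constructed sample routing table: (prefix, how the route was learned).
# Routes from the interior protocol or directly connected count as internal;
# routes learned from an external peer count as external.
ROUTES = [
    ("10.0.0.0/8", "igp"),
    ("10.255.0.0/24", "connected"),  # addresses of the network devices
    ("10.99.0.0/16", "ebgp"),        # more-specific prefix from a peer
    ("0.0.0.0/0", "ebgp"),           # default route toward the outside
]
INTERNAL_ORIGINS = {"igp", "connected"}

# Constructed prefix holding addresses owned by the network devices themselves.
INFRASTRUCTURE = [ipaddress.ip_network("10.255.0.0/24")]


def classify(address, routes=ROUTES):
    """Return 'internal' or 'external' using the longest matching route."""
    ip = ipaddress.ip_address(address)
    best = None
    for prefix, origin in routes:
        net = ipaddress.ip_network(prefix)
        # Membership is False when the IP versions differ.
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, origin)
    # No route at all: fail closed and treat the source as external.
    if best is None:
        return "external"
    return "internal" if best[1] in INTERNAL_ORIGINS else "external"


def decide(src, dst, routes=ROUTES):
    """Drop external traffic addressed to a network device; permit the rest."""
    dst_ip = ipaddress.ip_address(dst)
    to_device = any(dst_ip in net for net in INFRASTRUCTURE)
    if to_device and classify(src, routes) == "external":
        return "drop"
    return "permit"


if __name__ == "__main__":
    for src, dst in [("198.51.100.7", "10.255.0.1"), ("10.1.2.3", "10.255.0.1")]:
        print(src, "->", dst, decide(src, dst))
```

The classification trusts the packet's source address, so it is only as good as the anti-spoofing filtering applied at the network edge. Every route change alters the result, which is the adaptation load the paragraph above refers to.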
Manual configuration may be avoided, such as where security is configured automatically. The network generates one or more default configurations that are accepted by the nodes of the network. However, the default configuration of security may be overly restrictive for some interfaces since the connection established with the interface may not be known in advance.