Application layer association results in discarding potential attack packets on the forwarding engine by associating the control plane with the forwarding engine. This reduces unnecessary processing on the device and enhances the device reliability.
With application layer association, whether the forwarding engine on the lower layer sends protocol packets is associated with the protocol status (enabled or disabled) on the control plane. Application layer association synchronizes the protocol status between the control plane and the lower layer. If the protocol is disabled on the device, the lower layer hardware sends the corresponding protocol packets at a low bandwidth or may even not send these packets to minimize the attack range.
When the status of any application layer association protocol changes, the control plane informs the forwarding plane of the change. Then, the forwarding plane adjusts the bandwidth for packet to be sent to the CPU according to the status change.
After receiving the application layer association protocol packets, the router checks whether the packets match the ACL to determine the CAR channel for sending the packets. If the protocol for the packets is enabled, the packets are sent to the control layer at the configured or default CAR.
If the protocol for the packets is disabled, the packets are sent to the control layer at the minimum bandwidth or discarded. By default, the packets are sent to the control layer at the minimum bandwidth. You can configure packet discarding.