To prevent Denial of Service (DoS) attack on the servers using large stream of packets destined for processing by the device's Control Plane Processing Unit (CPU), they must be dropped. These packets occupy the device's processing resources and restricts the resources available for use for traffic processing. These packets are processed by default. This section describes how to disable this packet processing and prevent this type of attack.
To configure dropping of packets with the destination as the device's CPU, do the following.
Packets with an ip option and destination to CPU with my-ip
gets dropped.