CoPP (Control Plane Policing)

Geia sou (hello) Kostas

This is a very important aspect that you bring up. There are several things that come into play.

Under normal operation, a networking device that receives control plane traffic will “punt” the packet to the CPU to be processed. The term “punt” is used to describe the action of moving a packet from the fast path to the route processor or CPU for handling. CoPP will block the packet from even reaching the CPU; therefore, there is no impact on the CPU itself. Take a look at the following diagram taken from this Cisco Documentation:
[Image: diagram from the Cisco documentation]
CoPP functions at the location that is indicated. Packets that match the criteria will never reach the CPU.

Now all of this presupposes that the platform and IOS we are talking about do indeed have the architecture and feature set described. Lower-end devices with a single CPU and no specialized ASICs may not support such a feature and may require all packets to be examined and processed by the CPU.

Now if you just apply an ACL to an interface to block specific traffic, then you are going to use more CPU power because the CPU itself is going to be processing those matches. However, keep in mind that the impact on the CPU of ACLs is typically minimal, especially on today’s modern network devices. It still saves some CPU power because the packet is dropped after simply examining its IP header. If it wasn’t dropped, then the CPU would be used extensively to find a matching entry in the routing table and to send it out the appropriate interface, or, in the case of control plane traffic, will receive the packet and do whatever it has to do with it. This is typically much more CPU intensive than a simple match statement on an ACL.

As for the rACLs, this Cisco documentation (in the Introduction section) talks very clearly about these access lists and how they operate.


I hope this has been helpful!

Laz

3 Likes
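An added example, not part of the reply above or of the Cisco documentation it links: the two approaches the reply compares, written as a classic IOS configuration sketch. The ACL, class-map and policy-map names, the 192.0.2.0/24 management subnet, the interface name and the 8000 bps rate are all assumptions chosen for illustration, and feature support depends on platform and IOS version.

```cisco
! --- Approach 1: interface ACL (must be repeated on every ingress interface) ---
! Note: this ACL also filters transit SSH, not only SSH aimed at the router itself.
ip access-list extended EDGE-IN
 permit tcp 192.0.2.0 0.0.0.255 any eq 22
 deny   tcp any any eq 22
 permit ip any any
!
interface GigabitEthernet0/0
 ip access-group EDGE-IN in
!
! --- Approach 2: CoPP (one policy in front of the control plane) ---
! In a CoPP class ACL, "permit" means "put this traffic in the class",
! and "deny" means "do not classify it here"; the policy-map decides the action.
ip access-list extended COPP-SSH-UNTRUSTED
 deny   tcp 192.0.2.0 0.0.0.255 any eq 22
 permit tcp any any eq 22
!
ip access-list extended COPP-ICMP
 permit icmp any any
!
class-map match-all COPP-SSH-UNTRUSTED
 match access-group name COPP-SSH-UNTRUSTED
class-map match-all COPP-ICMP
 match access-group name COPP-ICMP
!
policy-map COPP-IN
 ! SSH from outside the management subnet never reaches the CPU
 class COPP-SSH-UNTRUSTED
  drop
 ! ICMP to the router is rate-limited rather than blocked
 class COPP-ICMP
  police 8000 conform-action transmit exceed-action drop
!
control-plane
 service-policy input COPP-IN
```

After applying a policy like this, `show policy-map control-plane` shows per-class packet and drop counters, which is the quickest check that traffic is being classified as intended.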