[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Control Plane Security of ISP Network

--- "Smith, Donald" <Donald.Smith@qwest.com> wrote:

> Clearly my definitions of data, mgmt, and ctrl
> planes are not complete;)
> A good definition of the ctrl plane will probably be
> a good place to
> start.
> Do we include icmp port/host/net unreachable and
> other icmp error
> messages in the control plane?

I would argue "no," for the following reason: ICMP
unreachables are something which communicate
information from a data-plane host to another
data-plane host.  An analagous comparison would be
that Frame-Relay switches can generate FECN/BECN on
the data plane.

Now, certain cases of ICMP unreachable would need to
be used on the data plane - i.e. if a device attempted
to communicate with a control server which crashed, it
should be able to receive an ICMP unreachable, but
that should be completely divorced from the data


David Barak
Need Geek Rock?  Try The Franchise: 

Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around