
RE: Control Plane Security of ISP Network



On Mon, 6 Jun 2005 jbenedict@ca.safenet-inc.com wrote:

> Does anyone have a clear definition of "in-band" vs. "out-of-band" in this
> case?
>
> For example, can we consider anything that contacts the same interface as
> data traffic "in-band"?
> (i.e. IPSec or SSL connection for management)
>
> Or can it be over the same network, just a different interface (VLAN)?
>
> Or does it have to be separate interface/separate network (NOC)?
>
> Or does it have to be completely non-ip (serial-port)?
>
> All of these scenarios are in use today.  In my opinion, in-band would
> probably fall somewhere around VLANs (my theoretical half says they're OOB,
> but my practical half can still connect the dots).

I think a path-based answer to that question would be more appropriate.
The method of carriage (IP/serial/whatever) is irrelevant to the question.
What really matters is whether the two paths (IB/OOB) ever meet.  At the
point they meet, you become "in band".

-- 
Yours,

J.A. Terranson
sysadmin@mfn.org
0xBD4A95BF


"Never belong to any party, always oppose privileged classes and public
plunderers, never lack sympathy with the poor, always remain devoted to
the public welfare, never be satisfied with merely printing news, always
be drastically independent, never be afraid to attack wrong, whether by
predatory plutocracy or predatory poverty."

Joseph Pulitzer
1907 Speech
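
The path-based test from the reply above, applied to the carriage methods listed in the question, as an added example that is not part of the original thread. The topologies, element names (`switch`, `ge0`, `router-cpu`, and so on) and the choice to model the router's forwarding and control sides as separate elements are all constructed assumptions.

```python
from collections import deque

def shortest_path(links, src, dst):
    """BFS over undirected links; returns the elements traversed from src to dst."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, []).append(b)
        adj.setdefault(b, []).append(a)
    prev, queue = {src: None}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        for nxt in adj.get(node, []):
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    raise ValueError(f"no path from {src} to {dst}")

def classify(links):
    """Return (verdict, elements where the management path meets the data path)."""
    data = set(shortest_path(links, "customer", "upstream"))
    mgmt = shortest_path(links, "noc", "router-cpu")
    shared = [e for e in mgmt if e in data]
    return ("in-band" if shared else "out-of-band"), shared

# Constructed data path shared by every scenario (assumed element names).
DATA = [("customer", "switch"), ("switch", "ge0"),
        ("ge0", "router-fwd"), ("router-fwd", "upstream")]
# Constructed management paths, one per carriage method raised in the thread.
SCENARIOS = {
    "ipsec-same-interface": [("noc", "switch"), ("ge0", "router-cpu")],
    "vlan-other-interface": [("noc", "switch"), ("switch", "ge1"), ("ge1", "router-cpu")],
    "separate-network": [("noc", "mgmt-switch"), ("mgmt-switch", "mgmt0"), ("mgmt0", "router-cpu")],
    "serial-direct": [("noc", "console-server"), ("console-server", "router-cpu")],
    "serial-via-prod-switch": [("noc", "switch"), ("switch", "console-server"),
                               ("console-server", "router-cpu")],
}

def report():
    return {name: classify(DATA + mgmt) for name, mgmt in SCENARIOS.items()}

if __name__ == "__main__":
    for name, (verdict, shared) in report().items():
        print(f"{name:24} {verdict:12} meets at: {shared or '-'}")
```

The last scenario is the one worth noting: the carriage is serial, but the console server is reached through the production switch, so the paths meet and the test reports in-band.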