[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Control Plane Security of ISP Network

To: "David Barak" <thegameiam@yahoo.com>, <gmj@pobox.com>, "J.A. Terranson" <measl@mfn.org>
Subject: RE: Control Plane Security of ISP Network
From: "Smith, Donald" <Donald.Smith@qwest.com>
Date: Mon, 6 Jun 2005 11:56:53 -0600
Cc: <opsec@ops.ietf.org>

David, I agree. But we shouldn't ignore the other reason(s) for oob
networks such as disaster recovery, fat fingered configs locking out all
traffic etc...
Those are primary management plane issues so may not apply in the
control plane.


donald.smith@qwest.com giac 

> -----Original Message-----
> From: owner-opsec@psg.com [mailto:owner-opsec@psg.com] On 
> Behalf Of David Barak
> Sent: Monday, June 06, 2005 11:28 AM
> To: gmj@pobox.com; J.A. Terranson
> Cc: opsec@ops.ietf.org
> Subject: Re: Control Plane Security of ISP Network
> 
> 
> 
> 
> --- George Jones <eludom@gmail.com> wrote:
> 
> > On 6/6/05, J.A. Terranson <measl@mfn.org> wrote:
> > > 
> > > On Mon, 6 Jun 2005 jbenedict@ca.safenet-inc.com
> > wrote:
> > > 
> > > > Does anyone have a clear definition of "in-band"
> > vs. "out-of-band" in this
> > > > case?
> > 
> > > 
> > > I think a path based answer to that question would
> > be more appropriate.
> > > The method of carriage (IP/serial/whatever) is
> > irrelevent to the question.
> > > What really matters is whether the two paths
> > (IB/OOB) ever meet.  At the
> > > point they meet, you become "in band".
> > 
> > Yes.
> > 
> > If things go down the same path, they are not
> > separate (but then see
> > Chris' later
> > observation about  bandwidth reservations).   In the
> > general case you want 
> > the separation to include all resources, not just
> > path.
> 
> Let me nitpick meaningfully: I think that what we want
> is not separation, but rather the situation where the
> control plane can affect the workings of the data
> plane, but not the reverse, right?
> 
> This brings to mind how a lot of Frame and ATM
> switches work - while switches will do some limited
> signalling to each other in-band, no amount of
> resource exhaustion  on the data plane can affect the
> control plane.
> 
> Is this correct?
> 
> 
> David Barak
> Need Geek Rock?  Try The Franchise: 
> http://www.listentothefranchise.com
> 
> 
> 		
> __________________________________ 
> Discover Yahoo! 
> Find restaurants, movies, travel and more fun for the 
> weekend. Check it out! 
> http://discover.yahoo.com/weekend.html 
> 
> 
>

Prev by Date: Re: Control Plane Security of ISP Network
Next by Date: RE: Control Plane Security of ISP Network
Previous by thread: RE: Control Plane Security of ISP Network
Next by thread: RE: Control Plane Security of ISP Network
Index(es):
- Date
- Thread