[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Heavily revised in -02: OoB network interface for mgt

To: opsec@ops.ietf.org
Subject: Heavily revised in -02: OoB network interface for mgt
From: George Jones <gmj@pobox.com>
Date: Mon, 27 Oct 2003 07:29:55 -0500 (EST)
Reply-to: gmj@pobox.com

2.3.3 Support Separate Management Plane IP Interfaces

   Requirement. The device MAY provide designated network interface(s)
      that are used for management plane traffic.

   Justification. A separate management plane interface allows
      management traffic to be segregated from other traffic (data/
      forwarding plane, control plane).  This reduces the risk that
      unauthorized individuals will be able to observe management
      traffic and/or compromise the device.

      This requirement applies in situations where a separate OoB
      management network exists.

   Examples. This requirement may be satisfied, for example, with a
      predefined Ethernet port dedicated to management and isolated from
      customer traffic.

   Warnings. The use of this type of interface depends on proper
      functioning of both the operating system and the IP stack, as well
      as good, known configuration at least on the portions of the
      device dedicated to management.  To talk to an ethernet interface
      for management, you must know, for instance, it's IP address.

2.3.4 No Forwarding Between Management Plane And Other Interfaces

   Requirement. If the device implements separate network interface(s)
      for the management plane per Section 2.3.3 then the device MUST
      not forward traffic between the management plane and
      non-management plane interfaces.

   Justification. This prevents the flow, intentional or unintentional,
      of management traffic to/from places that it should not be
      originating/terminating (e.g. anything beyond the customer-facing
      interfaces).

   Examples. This requirement may be satisfied by implementing separate
      forwarding tables for management plane and non-management plane
      interfaces that do not propagate routes to each other.

   Warnings. None.


2.3.5 Provide Separate Resources For The Management Plane

   Requirement. If the device implements separate network interface(s)
      for the management plane per Section 2.3.3 then the device SHOULD
      provide separate resources and use separate software for different
      classes of interface.

   Justification. The use of separate resources and system software
      allows for fault isolation and increased reliability.  If
      something (a hacker sending a DoS flood or exercising a buffer
      overrun) takes out the forwarding plane, the management plane is
      likely to keep working, which will facilitate recovery.
      Likewise, if something causes the management plane to stop
      working, it is possible that the forwarding plane will keep doing
      its job (forwarding packets).

   Examples. Resources which should be separate include hardware
      (memory, processor), data (forwarding table), and software (OS, IP
      stack).

   Warnings. None.

Prev by Date: New to -02: Software/OS Install, Authorized Access Recovery
Next by Date: RE: New to -02: Software/OS Install, Authorized Access Recovery
Previous by thread: New to -02: Software/OS Install, Authorized Access Recovery
Next by thread: RE: [T1S1SEC] IETF activities on security requirements
Index(es):
- Date
- Thread