RE: Control Plane Security of ISP Network



Does anyone have a clear definition of "in-band" vs. "out-of-band" in this
case?

For example, can we consider anything that contacts the same interface as
data traffic "in-band"?
(i.e. IPSec or SSL connection for management)

Or can it be over the same network, just a different interface (VLAN)?

Or does it have to be separate interface/separate network (NOC)?

Or does it have to be completely non-IP (serial port)?

All of these scenarios are in use today.  In my opinion, in-band would
probably fall somewhere around VLANs (my theoretical half says they're OOB,
but my practical half can still connect the dots).

--
James

-----Original Message-----
From: Bora Akyol (bora) [mailto:bora@cisco.com]
Sent: Monday, June 06, 2005 10:47 AM
To: Smith, Donald; pmrn; Miao Fuyou
Cc: Merike Kaeo; opsec@ops.ietf.org; eludom@gmail.com
Subject: RE: Control Plane Security of ISP Network


May want to include a requirement to the document:

Under no circumstance will there be a separation of faith between the
control and the data planes; that is, control plane thinks everything is
solid, and the data plane is out cold, or vice versa.

Personally, I think we can do so much to protect the control traffic even
when it is in-band that such a separation is unnecessary.

Bora
