[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Control Plane Security of ISP Network

--- George Jones <eludom@gmail.com> wrote:

> On 6/6/05, J.A. Terranson <measl@mfn.org> wrote:
> > 
> > On Mon, 6 Jun 2005 jbenedict@ca.safenet-inc.com
> wrote:
> > 
> > > Does anyone have a clear definition of "in-band"
> vs. "out-of-band" in this
> > > case?
> > 
> > I think a path based answer to that question would
> be more appropriate.
> > The method of carriage (IP/serial/whatever) is
> irrelevent to the question.
> > What really matters is whether the two paths
> (IB/OOB) ever meet.  At the
> > point they meet, you become "in band".
> Yes.
> If things go down the same path, they are not
> separate (but then see
> Chris' later
> observation about  bandwidth reservations).   In the
> general case you want 
> the separation to include all resources, not just
> path.

Let me nitpick meaningfully: I think that what we want
is not separation, but rather the situation where the
control plane can affect the workings of the data
plane, but not the reverse, right?

This brings to mind how a lot of Frame and ATM
switches work - while switches will do some limited
signalling to each other in-band, no amount of
resource exhaustion  on the data plane can affect the
control plane.

Is this correct?

David Barak
Need Geek Rock?  Try The Franchise: 

Discover Yahoo! 
Find restaurants, movies, travel and more fun for the weekend. Check it out!