[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Control Plane Security of ISP Network


> On 6/6/05, David Barak <thegameiam@yahoo.com> wrote:
> > Let me nitpick meaningfully: I think that what we want is not 
> > separation, but rather the situation where the control plane can 
> > affect the workings of the data plane, but not the reverse, right?

Not true. Our IP data plane uses the data plane to do its job. Miss too
many hellos, miss an update, miss an LSA, and the control plane takes
action. The reality is today, the control and data planes are designed
from bottom up to interact. Pulling them apart is going to be tedious

So new security techniques which could minimize the direct and
collateral impact of an accidental or intentional impact is where we
should focus.

For example, one of the primary reasons several SPs have moved to ISIS
over these last few years is security. In addition to ISIS not being IP,
it has some interesting properties that allows from more resistance to
be built into the network: