
RE: Control Plane Security of ISP Network



 

> On 6/6/05, David Barak <thegameiam@yahoo.com> wrote:
> 
> > Let me nitpick meaningfully: I think that what we want is not 
> > separation, but rather the situation where the control plane can 
> > affect the workings of the data plane, but not the reverse, right?

Not true. Our IP data plane uses the data plane to do its job. Miss too
many hellos, miss an update, miss an LSA, and the control plane takes
action. The reality is today, the control and data planes are designed
from bottom up to interact. Pulling them apart is going to be tedious
work. 

So new security techniques which could minimize the direct and
collateral impact of an accidental or intentional impact are where we
should focus.

For example, one of the primary reasons several SPs have moved to ISIS
over these last few years is security. In addition to ISIS not being IP,
it has some interesting properties that allow for more resistance to
be built into the network:

	http://www.nanog.org/mtg-0405/mcdowell.html