Cisco CRS-1 - Carrier Routing System Router Configuration Manual page 189

IOS XR System Security Configuration Guide

Implementing Management Plane Protection on Cisco IOS XR Software
Inband Management Interface
An inband management interface is a Cisco IOS XR physical or logical interface that processes
management packets, as well as data-forwarding packets. An inband management interface is also called
a shared management interface.
Out-of-Band Management Interface
Out-of-band refers to an interface that allows only management protocol traffic to be forwarded or
processed. An out-of-band management interface is defined by the network operator to specifically
receive network management traffic. The advantage is that forwarding (or customer) traffic cannot
interfere with the management of the router, which significantly reduces the possibility of
denial-of-service attacks.
Out-of-band interfaces forward traffic only between out-of-band interfaces or terminate management
packets that are destined to the router. In addition, the out-of-band interfaces can participate in dynamic
routing protocols. The service provider connects to the router's out-of-band interfaces and builds an
independent overlay management network, with all the routing and policy tools that the router can
provide.
Peer-Filtering on Interfaces
The peer-filtering option lets you configure an interface to allow management traffic only from
specific peers, or from a range of peers.
Control Plane Protection Overview
A control plane is a collection of processes that run at the process level on a route processor and
collectively provide high-level control for most Cisco IOS XR software functions. All traffic directly or
indirectly destined to a router is handled by the control plane. Management Plane Protection operates
within the Control Plane Infrastructure.
Management Plane
The management plane is the logical path of all traffic that is related to the management of a routing
platform. One of three planes in a communication architecture that is structured in layers and planes, the
management plane performs management functions for a network and coordinates functions among all
the planes (management, control, and data). In addition, the management plane is used to manage a
device through its connection to the network.
Examples of protocols processed in the management plane are Simple Network Management Protocol
(SNMP), Telnet, HTTP, Secure HTTP (HTTPS), and SSH. These management protocols are used for
monitoring and for command-line interface (CLI) access. Restricting access to devices to internal
sources (trusted networks) is critical.
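
An added example, not from the Cisco manual: a Python check that reads a Management Plane Protection stanza and reports, per inband or out-of-band interface, any allowed management protocol that has no peer filter or whose peer lies outside the trusted networks. The sample configuration is constructed, its `control-plane` / `management-plane` / `allow ... peer` layout is assumed to match IOS XR running-config output, and `TRUSTED`, `parse_mpp` and `audit` are hypothetical names.

```python
import ipaddress

TRUSTED = [ipaddress.ip_network("10.0.0.0/8")]  # assumed trusted management range
# Constructed sample in the shape of an IOS XR control-plane stanza (not from the manual).
SAMPLE_CONFIG = """\
control-plane
 management-plane
  inband
   interface GigabitEthernet0/6/0/0
    allow SSH peer
     address ipv4 10.1.0.0/16
    !
    allow Telnet
   !
  out-of-band
   interface MgmtEth0/RP0/CPU0/0
    allow SNMP peer
     address ipv4 192.0.2.10
    !
"""

def parse_mpp(text):
    """Return one dict per 'allow' line: band, interface, protocol, peer networks."""
    rules, band, iface = [], None, None
    for raw in text.splitlines():
        words = raw.split()
        key = words[0] if words else ""
        if key in ("inband", "out-of-band"):
            band = key
        elif key == "interface":
            iface = words[1]
        elif key == "allow":
            rules.append({"band": band, "interface": iface,
                          "protocol": words[1], "peers": []})
        elif key == "address" and rules:
            rules[-1]["peers"].append(ipaddress.ip_network(words[2], strict=False))
    return rules

def audit(rules, trusted=TRUSTED):
    """Flag allow rules with no peer filter or with a peer outside the trusted range."""
    findings = []
    for r in rules:
        where = f'{r["band"]} {r["interface"]} {r["protocol"]}'
        if not r["peers"]:
            findings.append(f"{where}: no peer filter")
        for p in r["peers"]:
            if not any(p.version == t.version and p.subnet_of(t) for t in trusted):
                findings.append(f"{where}: peer {p} outside trusted networks")
    return findings
```

Calling `audit(parse_mpp(SAMPLE_CONFIG))` returns one finding for the unfiltered Telnet rule on the inband interface and one for the SNMP peer that falls outside `TRUSTED`.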

Related sections:
Management Plane Protection Feature, page SC-184
Benefits of the Management Plane Protection Feature, page SC-184

Cisco IOS XR System Security Configuration Guide for the Cisco CRS-1 Router, OL-20382-01, "Information About Implementing Management Plane Protection", page SC-183
