If DNS is part of management plane then why isn't it in the following list:

router2(config-cp-host)#management-interface g0/0 allow ?
  beep    Beep Protocol
  ftp     File Transfer Protocol
  http    HTTP Protocol
  https   HTTPS Protocol
  snmp    Simple Network Management Protocol
  ssh     Secure Shell Protocol
  telnet  Telnet Protocol
  tftp    Trivial File Transfer Protocol
  tl1     Transaction Language Session Protocol
  tls     Transport Layer Security Protocol


With regards
Kings

On Tue, Nov 9, 2010 at 12:50 PM, Pieter-Jan Nefkens <
[email protected]> wrote:

> Hi Kings,
>
> But DNS is used for management. You can use it, for example, for URL
> filtering, certificate enrollment / verification, etc...
> And you might want to consider to let DNS traffic leave out of the
> management interface (thus out-of-band certificate enrollment,  RBL checks,
> url filtering, etc). And that would mean that dns would be part of the
> management plane.
>
> For me, the control plane basically is the CPU in the router that talks
> with the data plane and allows the setting of hardware entries in the data
> plane and handle all traffic that can't be handled in the data-plane.
> This includes the arp entries (arp is then placed in the data plane),
> application layer inspection that can't be handled in hardware, changes of
> routing entries, etc..
>
> The management plane for me is mostly the ways to configure traffic and how
> the router handles traffic and applications. And then in general all traffic
> that is not immediately part of routing / switching. (the handling of
> routing protocols is of course on the control plane, as it comes in from all
> interfaces), but you might want to restrict management traffic
>
> HTH
>
> Pieter-Jan
>
> On 9 nov 2010, at 06:33, Kingsley Charles wrote:
>
> Tyson, DNS is not required to build the network hence I agree it's not part
> of control plane.
>
> DNS is a protocol that builds the Name to IP address table. If CDP is part
> of the control plane which doesn't help much to operate the network then I
> feel DNS can also be part of control plane :-)
>
>
>
>
> With regards
> Kings
>
> On Tue, Nov 9, 2010 at 10:07 AM, Tyson Scott <[email protected]> wrote:
>
>>  Is DNS necessary, from a router perspective, for the network to operate?
>>
>>
>> Control plane is only network services that "glue" the network together.
>>
>>
>> Routing protocols,
>>
>>
>> Regards,
>>
>>
>> Tyson Scott - CCIE #13513 R&S, Security, and SP
>>
>> Managing Partner / Sr. Instructor - IPexpert, Inc.
>>
>> Mailto: [email protected]
>>
>> Telephone: +1.810.326.1444, ext. 208
>>
>> Live Assistance, Please visit: www.ipexpert.com/chat
>>
>> eFax: +1.810.454.0130
>>
>>
>> IPexpert is a premier provider of Self-Study Workbooks, Video on Demand,
>> Audio Tools, Online Hardware Rental and Classroom Training for the Cisco
>> CCIE (R&S, Voice, Security & Service Provider) certification(s) with
>> training locations throughout the United States, Europe, South Asia and
>> Australia. Be sure to visit our online communities at
>> www.ipexpert.com/communities and our public website at www.ipexpert.com
>>
>>
>> *From:* Kingsley Charles [mailto:[email protected]]
>> *Sent:* Monday, November 08, 2010 11:06 PM
>> *To:* Tyson Scott
>> *Cc:* Eugene Pefti; [email protected]
>>
>> *Subject:* Re: [OSL | CCIE_Security] DNS part of which plane
>>
>>
>>
>> Hi Tyson
>>
>> Can you please let me know the reason for having DNS in management plane.
>> How does the DNS help to manage the device?
>>
>> I am not getting the picture.
>>
>> With regards
>> Kings
>>
>> On Tue, Nov 9, 2010 at 8:08 AM, Tyson Scott <[email protected]> wrote:
>>
>> DNS is management plane.  It is not a service that glues the L3 network
>> together.
>>
>>
>> *From:* [email protected] [mailto:
>> [email protected]] *On Behalf Of *Eugene Pefti
>> *Sent:* Sunday, November 07, 2010 3:23 AM
>> *To:* 'Kingsley Charles'
>>
>>
>> *Cc:* [email protected]
>> *Subject:* Re: [OSL | CCIE_Security] DNS part of which plane
>>
>>
>> That’s right. We see all ports that are open on the router that belong to the
>> so-called host subinterface of Control Plane. What are we debating about then?
>> ;)
>>
>> I didn’t find that DNS belongs to management plane in Cisco’s official
>> documentation. Perhaps Yusuf in his flash cards is not right as the list of
>> protocols mentioned in the Figure for this question is too big. Unless I
>> confuse entirely the concept of Control and Management Plane
>>
>>
>> *From:* Kingsley Charles [mailto:[email protected]]
>> *Sent:* Sunday, November 07, 2010 12:56 AM
>> *To:* Eugene Pefti
>> *Cc:* [email protected]
>> *Subject:* Re: [OSL | CCIE_Security] DNS part of which plane
>>
>>
>> Eugene, the O/P is self explanatory. The show control-plane host open shows
>> all the ports that the router is listening to. The
>> O/P has port 22 and 23 which is ssh and telnet respectively. Does that mean
>> telnet and ssh are control plane protocols?
>>
>> The O/P includes management, control and service protocol port numbers.
>> ISAKMP is in service plane right, you can see 500 and 4500 in the O/P too.
>>
>>
>> With regards
>> Kings
>>
>> On Sun, Nov 7, 2010 at 1:13 PM, Eugene Pefti <[email protected]>
>> wrote:
>>
>> It’s a good point, Kings.
>>
>> Our customer uses their routers as DNS servers at their remote offices and
>> the traffic destined to the router itself can be falling under the
>> management plane.
>>
>> I thought that you control access to the router via a regular ACL which I
>> still do by applying it to different VLAN interfaces.
>>
>> But when I query the router to show me open ports under the control plane
>> I see DNS on the list as well. Hence DNS traffic is from control-plane ;)
>>
>>
>> Router_LAB#show control-plane host open
>>
>> Active internet connections (servers and established)
>>
>> Prot        Local Address      Foreign Address          Service    State
>>  tcp                 *:22                  *:0       SSH-Server   LISTEN
>>  tcp                 *:23                  *:0           Telnet   LISTEN
>>  tcp                 *:53                  *:0       DNS Server   LISTEN
>>  udp                 *:53                  *:0       DNS Server   LISTEN
>>  udp                 *:67                  *:0    DHCPD Receive   LISTEN
>>  udp               *:2887                  *:0              DDP   LISTEN
>>  udp                *:123                  *:0              NTP   LISTEN
>>  udp               *:4500                  *:0           ISAKMP   LISTEN
>>  udp                *:500                  *:0           ISAKMP   LISTEN
>>
>>
>> *From:* [email protected] [mailto:
>> [email protected]] *On Behalf Of *Kingsley
>> Charles
>> *Sent:* Saturday, November 06, 2010 11:52 PM
>> *To:* [email protected]
>> *Subject:* [OSL | CCIE_Security] DNS part of which plane
>>
>>
>> Hi all
>>
>> As per the Yusuf flash cards, DNS is part of the Management plane.
>>
>> Management plane is used to manage the device and control plane is used to
>> dynamically build the network.
>>
>> The DNS builds the network by resolving the FQDN to IP address.
>>
>> I think, DNS should be in the control plane list.
>>
>> Any thoughts?
>>
>> With regards
>> Kings
>>
>>
>>
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
>
> ---
>
> Nefkens Advies
>
> Enk 26
>
> 4214 DD Vuren
>
> The Netherlands
>
>
> Tel: +31 183 634730
>
> Fax: +31 183 690113
>
> Cell: +31 654 323221
>
> Email: [email protected]
>
> Web: http://www.nefkensadvies.nl/

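The comparison the thread keeps circling, as an added example that is not part of any poster's message: it parses the `show control-plane host open` rows Eugene posted and checks each listener against the `management-interface ... allow ?` keywords Kings pasted. The port mapping assumes each service runs on its well-known port, and the names `parse_listeners` and `split_by_mpp` are illustrative.

```python
import re

# Keywords from the `management-interface g0/0 allow ?` help output in the
# thread, keyed by well-known port (assumption: services run on default ports).
# beep, tl1 and tls are left unmapped: the thread does not give their ports.
MPP_PORTS = {
    ("tcp", 21): "ftp", ("tcp", 80): "http", ("tcp", 443): "https",
    ("udp", 161): "snmp", ("tcp", 22): "ssh", ("tcp", 23): "telnet",
    ("udp", 69): "tftp",
}

# Sample input: the `show control-plane host open` rows quoted in the thread,
# laid out one row per line.
SAMPLE = """\
Prot  Local Address  Foreign Address  Service        State
 tcp  *:22           *:0              SSH-Server     LISTEN
 tcp  *:23           *:0              Telnet         LISTEN
 tcp  *:53           *:0              DNS Server     LISTEN
 udp  *:53           *:0              DNS Server     LISTEN
 udp  *:67           *:0              DHCPD Receive  LISTEN
 udp  *:2887         *:0              DDP            LISTEN
 udp  *:123          *:0              NTP            LISTEN
 udp  *:4500         *:0              ISAKMP         LISTEN
 udp  *:500          *:0              ISAKMP         LISTEN
"""

# proto, local addr:port, foreign addr:port, service (may contain spaces), state
ROW = re.compile(r"^\s*(tcp|udp)\s+\S+:(\d+)\s+\S+\s+(.+?)\s+(\S+)\s*$")

def parse_listeners(text):
    """Return (proto, port, service) for each row in LISTEN state."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m and m.group(4) == "LISTEN":
            rows.append((m.group(1), int(m.group(2)), m.group(3)))
    return rows

def split_by_mpp(rows):
    """Split listeners into those an MPP keyword names and those it does not."""
    covered, uncovered = [], []
    for proto, port, service in rows:
        keyword = MPP_PORTS.get((proto, port))
        (covered if keyword else uncovered).append((proto, port, service, keyword))
    return covered, uncovered

if __name__ == "__main__":
    covered, uncovered = split_by_mpp(parse_listeners(SAMPLE))
    for proto, port, service, keyword in covered:
        print(f"MPP keyword '{keyword}': {proto}/{port} {service}")
    for proto, port, service, _ in uncovered:
        print(f"no MPP keyword: {proto}/{port} {service}")
```

On this sample only SSH and Telnet match a keyword; the DNS, DHCP, DDP, NTP and ISAKMP listeners have none, so restricting who reaches them takes another control such as the interface ACLs Eugene mentions.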