2008-04-15
Management interfaces as isolated interfaces
Setting up isolated interfaces can seem like a lot of work that has relatively little point, but there is at least one important case for them: management interfaces on machines that route traffic.
Consider your typical garden-variety routing firewall. Let us assume that you do not want to make it directly accessible on its outside router IP, because then the outside world could attack it, or on any of its normal inside IPs, because then compromised machines inside your network could attack it. So you give it a connection to your management network.
You don't want people who route through the firewall to be able to reach your management network; even if nothing on the management network could route packets back, simply flinging packets at machines can do a certain amount of damage. (Especially when any number of things on your management network may have less than completely robust IP stacks and software.)
You could protect the management network with firewall rules alone, but this is at least somewhat brittle and there are a bunch of cases to think of, where one slip with one network could leave holes. Setting up the management interface as an isolated interface gives you another solid layer in the way of things going wrong. Flub the firewall rules one day? You're still not leaking packets.
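As an added illustration (not from the original post), here is a small Python model of that layering: the forwarding decision checks interface groups before it ever consults the rule table, so a flubbed rule set still cannot leak packets onto the management network. The interface names, addresses, and rule sets are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import List, Optional

# Constructed layout: the firewall routes between "outside" and "inside" and
# has a third leg, "mgmt0", on the management network. Interface groups are
# the isolation layer: packets never cross between groups, rules or no rules.
GROUPS = {"outside": "transit", "inside": "transit", "mgmt0": "management"}
ROUTES = {
    "mgmt0": ip_network("10.250.0.0/24"),  # management network (constructed)
    "inside": ip_network("10.1.0.0/16"),   # inside network (constructed)
    "outside": ip_network("0.0.0.0/0"),    # default route
}

@dataclass
class Rule:
    action: str                        # "accept" or "drop"
    in_if: Optional[str] = None        # None matches any ingress interface
    dst: Optional[IPv4Network] = None  # None matches any destination

def egress_interface(dst: str) -> str:
    """Longest-prefix match over ROUTES (the default route always matches)."""
    addr = ip_address(dst)
    return max((i for i, n in ROUTES.items() if addr in n),
               key=lambda i: ROUTES[i].prefixlen)

def rules_verdict(rules: List[Rule], in_if: str, dst: str) -> str:
    """First-match firewall rule table with a default-deny policy."""
    addr = ip_address(dst)
    for r in rules:
        if r.in_if in (None, in_if) and (r.dst is None or addr in r.dst):
            return r.action
    return "drop"

def forward(in_if: str, dst: str, rules: List[Rule], isolate: bool = True) -> str:
    """Forwarding decision: interface isolation first, then the rule table."""
    out_if = egress_interface(dst)
    if isolate and GROUPS[in_if] != GROUPS[out_if]:
        return "drop:isolated"  # never reaches the (possibly flubbed) rules
    return rules_verdict(rules, in_if, dst)

# A flubbed rule set: the intent was "inside hosts may reach the outside",
# but the destination restriction was forgotten, so it also matches the
# management network. CORRECT is what the author should have written.
FLUBBED = [Rule("accept", in_if="inside")]
CORRECT = [Rule("drop", dst=ip_network("10.250.0.0/24")),
           Rule("accept", in_if="inside")]
```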
(It is a pity that it is so hard to set up isolated interfaces, or equivalently to divide interfaces into interface groups. But then I suppose it's not something that most systems do often.)