If the gateway router is not a dedicated device for the OOBM network, several safeguards must be implemented for containment of management and production traffic boundaries; otherwise, it is possible that management traffic will not be separated from production traffic. Since the managed network and the management network are separate routing domains, separate Interior Gateway Protocol (IGP) routing instances must be configured on the router, one for the managed network and one for the OOBM network. In addition, the routes from the two domains must not be redistributed to each other. This requirement also applies to Zero Trust initiatives.
This requirement is not applicable for the DODIN Backbone. Verify the IGP instance used for the managed network does not redistribute routes into the IGP instance used for the management network, and vice versa. If the IGP instance used for the managed network redistributes routes into the IGP instance used for the management network, or vice versa, this is a finding.
This requirement is not applicable for the DODIN Backbone. Configure the IGP instance used for the managed network to prohibit redistribution of routes into the IGP instance used for the management network, and vice versa.