RFC 3871           Operational Security Requirements      September 2004

2.4.3.  'CLI' Supports Management Over 'Slow' Links

   Requirement.

      The device MUST support a command line interface (CLI) or

      equivalent mechanism that works over low bandwidth connections.

   Justification.

   There are situations where high bandwidth for management is not

   available, for example when in band connections are overloaded during

   an attack or when low bandwidth, out of band connections such as

   modems must be used.  It is often under these conditions that it is

   most crucial to be able to perform management and configuration

   functions.

   Examples.

      The network is down.  The network engineer just disabled routing

      by mistake on the sole gateway router in a remote unmanned data

      center.  The only access to the device is over a modem connected

      to a console port.  The data center customers are starting to call

      the support line.  The GUI management interface is redrawing the

      screen multiple times...slowly... at 9600bps.

      One mechanism that supports operation over slow links is the

      ability to apply filters to the output of CLI commands which have

      potentially large output.  This may be implemented with something

      similar to the UNIX pipe facility and "grep" command.

      For example,

         cat largefile.txt | grep interesting string

      Another is the ability to "page" through large command output,

      e.g., the UNIX "more" command:

      For example,

         cat largefile.txt | more

   Warnings.

      One consequence of this requirement may be that requiring a GUI

      interface for management is unacceptable unless it can be shown to

      work acceptably over slow links.

Jones                        Informational                     [Page 24]