OOB

Christopher Morrow morrowc.lists at gmail.com
Tue Jul 26 15:09:25 UTC 2011


On Tue, Jul 26, 2011 at 11:04 AM, Paul Stewart <paul at paulstewart.org> wrote:
> Honestly - in our core network, this has only happened once in almost 10
> years... seriously.  Everything in our core networks is redundant ... yes, I
> know redundancy breaks of course ;)
>

I hear you.

> When it did happen, we had remote hands reboot the equipment and everything
> was restored in approximately 30 minutes.
>

lucky that the breakage wasn't in east-elbonia...cause that does suck.
"yea, we'll have to get someone on a plane, it'll be up in about 8
hrs..."

> I'm not saying boldly that we won't get caught with our pants down some day
> - just that previous experience has shown us to be prepared for the worst
> and the worst hasn't occurred. We have looked at OOB options and it's been
> discussed many times - it just slips off the radar constantly.  Maybe it's
> "once bitten, twice shy" that needs to occur for the priority to change
> again.

perhaps. but given a clean slate, would you:

1) live with more redundancy in the core and hope that you don't lose
access to things downstream from a problem (or the problemchild
itself)
2) think about a solution to provide OOB access via another infrastructure?


Presume you can figure the costs as well so loss of a
node/set-of-nodes SLA-wise is more expensive than 1yr of oob access?

-chris

>
> -----Original Message-----
> From: christopher.morrow at gmail.com [mailto:christopher.morrow at gmail.com] On
> Behalf Of Christopher Morrow
> Sent: Tuesday, July 26, 2011 10:14 AM
> To: Paul Stewart
> Cc: NANOG list
> Subject: Re: OOB
>
> On Tue, Jul 26, 2011 at 10:03 AM, Paul Stewart <paul at paulstewart.org> wrote:
>> We do everything in-band with strict monitoring/policies in place.
>
> what do you do if your in-band fails? if a router/switch/ROADM is
> isolated from the rest of your network?
> (isn't that the core point of the OP?)
>
>> -----Original Message-----
>> From: harbor235 [mailto:harbor235 at gmail.com]
>> Sent: Tuesday, July 26, 2011 9:57 AM
>> To: NANOG list
>> Subject: OOB
>>
>> I am curious what is the best practice for OOB for a core
>> infrastructure environment. Obviously, there is
>> an OOB kit for customer managed devices via POTS, Ethernet, etc ... And
>> there is OOB for core infrastructure
>> typically a separate basic network that utilizes diverse carrier and
> diverse
>> path when available.
>>
>> My question is, is it best practice to extend an inband VPN throughout for
>> device management functions as well?
>> And are all management services performed OOB, e.g network management,
> some
>> monitoring, logging,
>> authentication, flowdata, etc ..... If a management VPN is used is it also
>> extended to managed customer devices?
>>
>> What else is can be done for remote management and troubleshooting
>> capabilities?
>>
>> Mike
>>
>>
>>
>
>




More information about the NANOG mailing list