OOB core router connectivity wish list

Leo Bicknell bicknell at ufp.org
Wed Jan 9 18:18:22 UTC 2013


In a message written on Wed, Jan 09, 2013 at 06:39:28PM +0100, Mikael Abrahamsson wrote:
> IPMI is exactly what we're going for.

For Vendors that use a "PC" motherboard, IPMI would probably not be
difficult at all! :)

I think IPMI is a pretty terrible solution though, so if that's your
target I do think it's a step backwards.  Most IPMI cards are prime
examples of my worries, Linux images years out of date, riddled with
security holes and universally not trusted.  You're going to need a
"firewall" in front of any such solution to deploy it, so you can't
really eliminate the extra box I proposed, just change its nature.

I also still think there's a lot of potential here to take gigantic
steps backwards.  Replacing a serial console with a Java applet in
a browser (a la most IPMI devices) would be a huge step backwards.
Today it's trivial to script console access, in a Java applet world,
not so much.

Having an IPMI-like device with dedicated ethernet and connection to the
management bus would allow it to have a web interface to do things like
power cycle individual line cards and may be a win, but I would posit
these things are to work around horribly broken upgrade procedures that
vendors have not given enough thought.  They could be solved with more
intelligent software in the ROM and on the main box without needing any
add-on device.

> So I want to retire serial ports in the front to be needed for normal 
> operation. Look at the XR devices from Cisco for instance. For "normal 
> maintenance" you pretty much require both serial console (to do rommon 
> stuff one would imagine shouldn't be needed) and also mgmt ethernet (to 
> use tftp for downloading software when you need to turbo-boot because the 
> system is now screwed up because the XR developer ("install") team messed 
> up the SMUs *again*).

Your vendor is going to hire those same developers to write the code for
your OOB device.  The solution here is not bad developers writing and
deploying even more code, it's to demand your vendors uplevel their
developers and software.

Ever have these problems on Vendor J?  No, the upgrade process there is
smooth as silk.  Not to say that vendor is perfect, they just have
different warts.

-- 
       Leo Bicknell - bicknell at ufp.org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/