out-of-band network experiences

Kevin Gannon kgannon at lancomms.ie
Tue Nov 6 08:33:53 UTC 2001


For our out-of-band management we do a number of things
based on the customer:

1. All sites must provide an ISDN dialin to a customer
   router giving us telnet access from a large central
   secured RAS. The NOC team telnet to the RAS and type

   ras>customer_name
   Conecting to 1.1.1.1

   A very small number of staff can view the config of this
   RAS everyone else can just type "customer_name" they can
   not even look up these from the RAS. You either know the
   name or you get zip. Without this access the customer's SLA
   for support calls is zip. They will get 4 hours HW swap only.

2. NOC Monitored customers we will use a diverse FR PVC this
   gives IP access to all the routers from behind layers of
   firewalls/secureid. We also use an Async link from our remote
   router to at least one Core router's console/aux. This is very
   useful for spotting things like power problems and crashed routers.
   All these sites will also include option 1 as the NOC team
   does *not* have direct IP access only telnet for SW upgrades
   a senior NOC manager has to be involved.

3. IPSec Tunnels, this is a new thing for us and it's only starting
   to emerge and it is nearly always backed by option 1.

4. Async modems attached to console/AUX ports this is managed in the
   same way as option 1. This is only used when ISDN is not an option
   for example for managing a lot of kit in remote telecoms shelves which
   do not support ISDN.

5. For the telecoms side we mostly depend on the inband signalling
   and some core SDH/ATM sites will have out-of-band using a combination
   of the above. In fact the last time I asked I was told they run
   X.25 pad, IP over X.25, IP over D channel, LAPD over timeslots, Async IP
   tunnelling, CLNS over just about everything and 600 modems.

The biggest problem by far is managing past your out-of-band port. I don't
know how many customers are running 10.x.x.x so polling for stats using
Openview became such a pain. We came up with another solution ;-).

Regards,
Kevin

-----Original Message-----
From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu]On Behalf Of
Sean Donelan
Sent: 05 November 2001 21:48
To: nanog at merit.edu
Subject: Re: out-of-band network experiences




On Mon, 5 Nov 2001, Michael Chang wrote:
> I would appreciate if you could share your experiences of setting up
> out-of-band management networks especially large # 50 - 100+ sites.
> Appreciate your experiences on the following and any other:

Most providers rely on dialup async terminal/console port access
as their out-of-band management network.  It is generally a terminal
server connected to the equipment console ports, with a dialup modem
for external access.

A few (very few) providers have a dedicated out-of-band management
network.  Generally a frame-relay circuit to a management hub/router
connected to the async terminal server and low-speed (10 meg) ethernet
port on some routers.  One problem with high-end routers, it is either
expensive (lost opportunity cost) or impossible to connect low-speed
circuits to high-end routers.

Non-facility based providers often purchase their out-of-band circuits
from a different provider than their primary circuits.  AT&T is a
popular supplier for out-of-band management networks. AT&T may not
be price/competitive for high-bandwidth circuits, but for 64k/128k
frame-relay management links, it may make sense.

Carrier/facility based providers tend to use their own facilities.  Yep,
facility based providers have cut their own facilities in the past,
including one provider which took their own NOC off-line for most of
a day.



