out-of-band network experiences
kgannon at lancomms.ie
Tue Nov 6 08:33:53 UTC 2001
For our out-of-band management we do a number of things
based on the customer:
1. All sites must provide an ISDN dialin to a customer
router giving us telnet access from a large central
secured RAS. The NOC team telnet to the RAS and type
Conecting to 18.104.22.168
A very small number of staff can view the config of this
RAS; everyone else can just type "customer_name", they can
not even look up these from the RAS. You either know the
name or you get zip. Without this access the customer's SLA
for support calls is zip. They will get 4 hours HW swap only.
2. NOC Monitored customers: we will use a diverse FR PVC; this
gives IP access to all the routers from behind layers of
firewalls/secureid. We also use an Async link from our remote
router to at least one Core router's console/aux. This is very
useful for spotting things like power problems and crashed routers.
All these sites will also include option 1 as the NOC team
does *not* have direct IP access, only telnet. For SW upgrades
a senior NOC manager has to be involved.
3. IPSec Tunnels, this is a new thing for us and it's only starting
to emerge and it is nearly always backed by option 1.
4. Async modems attached to console/AUX ports; this is managed in the
same way as option 1. This is only used when ISDN is not an option,
for example to manage a lot of kit in remote telecoms shelves which
do not support ISDN.
5. For the telecoms side we mostly depend on the inband signalling
and some core SDH/ATM sites will have out-of-band using a combination
of the above. In fact the last time I asked I was told they run
X.25 pad, IP over X.25, IP over D channel, LAPD over timeslots, Async IP
tunnelling, CLNS over just about everything and 600 modems.
The biggest problem by far is managing past your out-of-band port. I don't
know how many customers are running 10.x.x.x so polling for stats using
Openview became such a pain. We came up with another solution ;-).
From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu]On Behalf Of
Sent: 05 November 2001 21:48
To: nanog at merit.edu
Subject: Re: out-of-band network experiences
On Mon, 5 Nov 2001, Michael Chang wrote:
> I would appreciate if you could share your experiences of setting up
> out-of-band management networks especially large # 50 - 100+ sites.
> Appreciate your experiences on the following and any other:
Most providers rely on dialup async terminal/console port access
as their out-of-band management network. It is generally a terminal
server connected to the equipment console ports, with a dialup modem
for external access.
A few (very few) providers have a dedicated out-of-band management
network. Generally a frame-relay circuit to a management hub/router
connected to the async terminal server and low-speed (10 meg) ethernet
port on some routers. One problem with high-end routers, it is either
expensive (lost opportunity cost) or impossible to connect low-speed
circuits to high-end routers.
Non-facility based providers often purchase their out-of-band circuits
from a different provider than their primary circuits. AT&T is a
popular supplier for out-of-band management networks. AT&T may not
be price/competitive for high-bandwidth circuits, but for 64k/128k
frame-relay management links, it may make sense.
Carrier/facility based providers tend to use their own facilities. Yep,
facility based providers have cut their own facilities in the past,
including one provider which took their own NOC off-line for most of