Proper authentication model

Hannigan, Martin hannigan at verisign.com
Wed Jan 12 15:16:20 UTC 2005



> -----Original Message-----
> From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu]On Behalf Of
> Iljitsch van Beijnum
> Sent: Wednesday, January 12, 2005 6:25 AM
> To: Gernot W. Schmied
> Cc: NANOG list
> Subject: Re: Proper authentication model
> 
> 
> 
> On 12-jan-05, at 11:30, Gernot W. Schmied wrote:
> 
> >> True out of band management networks are very hard to 
> build and very 
> >> hard to use, and you run the risk that you can't get at your stuff 
> >> because the management network is down.
> 
> > IS-IS can be highly recommended for true out of band 
> management, it is 
> > reachable when IP goes down the drain entirely.
> 
> To me, true "out of band management" means that the 
> management traffic 
> doesn't flow over production links. You are right that IS-IS can 
> continue to function when IP is confused (although with integrated 
> IS-IS OSI will probably be just as confused as IP). But IS-IS isn't a 
> management protocol, of course.  :-)

Out of band management isn't telnetting from your desktop to
the serial port.

Mgmt and surveillance is the Bellcore standard for out of band.
It means your M/S is not riding your customer or public networks, and
it's physically seperate. Yes, this is the cadillac method, but the
only way to support five nines IMHO.

If you have 3 sites and they're interconnected via an OC3
and the internet, you would also have 2 frame or ppp circuits
seperately connecting the terminal server network. You'd do the
different path, different provider, etc. on these circuits.

The ts' would be connected to the hub. If that failed, or the machine
was DOA, serial port. A TS may have a modem at each site for the 
hail mary connection.


> 
> IPv6 is also very useful in providing non-IPv4 management.

I always knew you could get deer meat from a deer. 



 



More information about the NANOG mailing list