Proper authentication model

Gernot W. Schmied gernot.schmied at
Sun Jan 16 11:19:37 UTC 2005

Iljitsch van Beijnum wrote:
> On 12-jan-05, at 11:30, Gernot W. Schmied wrote:
>>> True out of band management networks are very hard to build and very 
>>> hard to use, and you run the risk that you can't get at your stuff 
>>> because the management network is down.
>> IS-IS can be highly recommended for true out of band management, it is 
>> reachable when IP goes down the drain entirely.
> To me, true "out of band management" means that the management traffic 
> doesn't flow over production links. You are right that IS-IS can 
> continue to function when IP is confused (although with integrated IS-IS 
> OSI will probably be just as confused as IP). But IS-IS isn't a 
> management protocol, of course.  :-)
> IPv6 is also very useful in providing non-IPv4 management.

True, but integrated IS-IS is not true IS-IS strictly speaking. I am 
referring to ISO CLNS/CLNP, who actually needs IP if you have other fine 
network layer protocols alt your disposal ,-)?

I used to recommend this measure in combination with BRI ISDN management 
lines, it's affordable and works without constantly testing analog 
dialin. A dedicated infrastructure beyond that measure simply is not 
justifiable economically. Besides, SDH and DWDM use separate management 
approaches as well, so does SS7 infrastructure. It is always a 
combination. Some people also use management VCIs/DLCIs which does not 
buy you much.

my 0.02$,

More information about the NANOG mailing list