Proper authentication model
Gernot W. Schmied
gernot.schmied at chello.at
Sun Jan 16 11:19:37 UTC 2005
Iljitsch van Beijnum wrote:
> On 12-jan-05, at 11:30, Gernot W. Schmied wrote:
>>> True out of band management networks are very hard to build and very
>>> hard to use, and you run the risk that you can't get at your stuff
>>> because the management network is down.
>> IS-IS can be highly recommended for true out of band management, it is
>> reachable when IP goes down the drain entirely.
> To me, true "out of band management" means that the management traffic
> doesn't flow over production links. You are right that IS-IS can
> continue to function when IP is confused (although with integrated IS-IS
> OSI will probably be just as confused as IP). But IS-IS isn't a
> management protocol, of course. :-)
> IPv6 is also very useful in providing non-IPv4 management.
True, but integrated IS-IS is not true IS-IS strictly speaking. I am
referring to ISO CLNS/CLNP, who actually needs IP if you have other fine
network layer protocols alt your disposal ,-)?
I used to recommend this measure in combination with BRI ISDN management
lines, it's affordable and works without constantly testing analog
dialin. A dedicated infrastructure beyond that measure simply is not
justifiable economically. Besides, SDH and DWDM use separate management
approaches as well, so does SS7 infrastructure. It is always a
combination. Some people also use management VCIs/DLCIs which does not
buy you much.
More information about the NANOG