ip-precedence for management traffic
Sachs, Marcus Hans (Marc)
marcus.sachs at verizon.com
Tue Dec 29 08:29:12 CST 2009
Totally out of the box, but here goes: why don't we run the entire Internet management plane "out of band" so that customers have minimal ability to interact with routing updates, layer 3/4 protocols, DNS, etc.? I don't mean 100% exclusion for all customers, but for the average Joe-customer (residential, business, etc., not the researcher, network operator, or clueful content provider) do they really need to have full access to the Internet mechanisms (routing, naming, numbering, etc.)?
We already provide lots of proxy services for end users, so why not finish the job and move all of the management mechanisms out of plain sight?
From: Mehmet Akcin [mailto:mehmet at akcin.net]
Sent: Tuesday, December 29, 2009 6:03 AM
To: NANOG list
Subject: Re: ip-precedence for management traffic
On Dec 29, 2009, at 2:07 AM, Dobbins, Roland wrote:
> On Dec 29, 2009, at 6:02 PM, Luca Tosolini wrote:
>> this leaves out only ipp 7 for management traffic, on the premise that routing and management should not share the same queue and resources.....
> Management-plane traffic should be sent/received via your DCN/OOB network, so that it's not competing with customer traffic nor subject to network partitions or other disruptive events. It should not be co-mingled with traffic on the production network.
Agreed, it's very important to have a management network that is reachable while you are under ddos or some kind of mess you or someone else've created. Often having something like an ADSL like connection will save trips to colo and will give you nice abilities to work on stuff when combined with serial management tools.
More information about the NANOG