OOB

Paul Stewart paul at paulstewart.org
Tue Jul 26 15:04:40 UTC 2011


Honestly - in our core network, this has only happened once in almost 10
years... seriously.  Everything in our core networks is redundant ... yes, I
know redundancy breaks of course ;)

When it did happen, we had remote hands reboot the equipment and everything
was restored in approximately 30 minutes.

I'm not saying boldly that we won't get caught with our pants down some day
- just that previous experience has shown us to be prepared for the worst
and the worst hasn't occurred. We have looked at OOB options and it's been
discussed many times - it just slips off the radar constantly.  Maybe it's
"once bitten, twice shy" that needs to occur for the priority to change
again.


-----Original Message-----
From: christopher.morrow at gmail.com [mailto:christopher.morrow at gmail.com] On
Behalf Of Christopher Morrow
Sent: Tuesday, July 26, 2011 10:14 AM
To: Paul Stewart
Cc: NANOG list
Subject: Re: OOB

On Tue, Jul 26, 2011 at 10:03 AM, Paul Stewart <paul at paulstewart.org> wrote:
> We do everything in-band with strict monitoring/policies in place.

what do you do if your in-band fails? if a router/switch/ROADM is
isolated from the rest of your network?
(isn't that the core point of the OP?)

> -----Original Message-----
> From: harbor235 [mailto:harbor235 at gmail.com]
> Sent: Tuesday, July 26, 2011 9:57 AM
> To: NANOG list
> Subject: OOB
>
> I am curious what is the best practice for OOB for a core
> infrastructure environment. Obviously, there is
> an OOB kit for customer managed devices via POTS, Ethernet, etc ... And
> there is OOB for core infrastructure
> typically a separate basic network that utilizes diverse carrier and diverse
> path when available.
>
> My question is, is it best practice to extend an inband VPN throughout for
> device management functions as well?
> And are all management services performed OOB, e.g. network management, some
> monitoring, logging,
> authentication, flowdata, etc ..... If a management VPN is used is it also
> extended to managed customer devices?
>
> What else can be done for remote management and troubleshooting
> capabilities?
>
> Mike
>
>
>




