OOB core router connectivity wish list
bill at herrin.us
Wed Jan 9 16:18:50 UTC 2013
On Wed, Jan 9, 2013 at 9:37 AM, Mikael Abrahamsson <swmike at swm.pp.se> wrote:
> I have together with some other people, collected a wish list for OOB
> support, mainly aimed for core routers.
I generally agree but have several quibbles:
> [P1]: The IP address of the OOB port should be set via DHCP/DHCPv6/SLAAC and
> should have both IPv4 and IPv6 support. If not both, then IPv6 only.
(a) This is a P2 not a P1. Asking the OOB to be critically dependent
on an external network element is dubious to begin with but even if
desired it's usable without.
About the only time you'd strictly *need* dynamic configuration in an
OOB is when directly connecting it to a commodity Internet link. If
you're willing to give your poorly secured and rarely updated OOB a
public IP address, you're a braver man than I am. If you are that
"brave" then you'll need a more robust set of dynamic configuration
tools than just the ones you've listed and you'll also need a dynamic
dns client or some other mechanism for the the OOB to let you know
what addresses it ended up on.
(b) IPv6-only in an OOB won't be broadly acceptable for at least
another 5 years if then. You'd be foolish not to include IPv6 support
in a greenfield design -- the writing is on the wall -- but there are
today very few scenarios in which an IPv4 only OOB would not be
> [P1]: It should be possible to transfer data using tftp, ftp and scp (ftp
> client on the OOB device, scp being used to transfer data *to* the device
> (OOB being scp server).
For security and performance reasons, FTP has no place in a modern
network. If you're still using it anywhere, you're borrowing grief.
Replace with an http/https client.
TFTP has such a strong legacy of use on routers that its presence
remains just barely tolerable. For now.
Have a look at how HP iLO3 makes use of http to implement virtual
media. You can upload an ISO image to a web server somewhere and then
instruct ilo to mount the URL as a virtual dvdrom. Best of all, if
your management session disconnects, the virtual media remains mounted
via the web server.
William D. Herrin ................ herrin at dirtside.com bill at herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
More information about the NANOG