OOB core router connectivity wish list

Saku Ytti saku at ytti.fi
Wed Jan 9 16:48:03 UTC 2013


On (2013-01-09 11:18 -0500), William Herrin wrote:

> (a) This is a P2 not a P1. Asking the OOB to be critically dependent
> on an external network element is dubious to begin with but even if
> desired it's usable without.

Agreed that P2 suffices. Usage scenario is installing fresh router. You
order router from vendor to remote location, notsosmarthands plug it to
wires, boom you configure it remotely.

> About the only time you'd strictly *need* dynamic configuration in an
> OOB is when directly connecting it to a commodity Internet link. If
> you're willing to give your poorly secured and rarely updated OOB a
> public IP address, you're a braver man than I am. If you are that

This is not absolute truth, but depends on what hat you wear. If you are DC
guy, you have handful of POPs, arranging proper OOB network there is a
breeze.
If you are incumbent, you can't buy anything externally, as everyone buys
from you, so you need to build separate network just for OOB.

All other service providers may have hundreds of pops, you're not going to
build non-revenue generating network to reach all those hundreds of pops,
just to build OOB.
You get cheapest connection you can get there, maybe competitor ADSL, cable
modem, 3G, public WLAN, ISDN, whatever is available which is not
fate-sharing with your network.
Then plug in say Cisco CPE to the OOB port, which offers address via DHCP
and connect over IPsec DMVPN to your own network. 0 touch installation of
new router. Some might be ghetto and omit the CPE and use IPsec from the
management plane to Openswan Linux.

> (b) IPv6-only in an OOB won't be broadly acceptable for at least
> another 5 years if then. You'd be foolish not to include IPv6 support
> in a greenfield design -- the writing is on the wall -- but there are
> today very few scenarios in which an IPv4 only OOB would not be
> usable.

Agreed. IPv4 would be priority for most.

> For security and performance reasons, FTP has no place in a modern
> network. If you're still using it anywhere, you're borrowing grief.
> Replace with an http/https client.

http(s), scp would be my picks. Hell with FTP. 

> TFTP has such a strong legacy of use on routers that its presence
> remains just barely tolerable. For now.

There is no standard way to send arbitrary size files over TFTP, not worth
the pain.

-- 
  ++ytti


