[120615] in North American Network Operators' Group
RE: ip-precedence for management traffic
daemon@ATHENA.MIT.EDU (Sachs, Marcus Hans (Marc))
Tue Dec 29 09:30:18 2009
Date: Tue, 29 Dec 2009 09:29:12 -0500
In-Reply-To: <4C939B99-2BC9-4A54-99B2-467B20841FB6@akcin.net>
From: "Sachs, Marcus Hans (Marc)" <marcus.sachs@verizon.com>
To: "NANOG list" <nanog@nanog.org>
Totally out of the box, but here goes: why don't we run the entire
Internet management plane "out of band" so that customers have minimal
ability to interact with routing updates, layer 3/4 protocols, DNS,
etc.? I don't mean 100% exclusion for all customers, but for the
average Joe-customer (residential, business, etc., not the researcher,
network operator, or clueful content provider) do they really need to
have full access to the Internet mechanisms (routing, naming, numbering,
etc.)?
We already provide lots of proxy services for end users, so why not
finish the job and move all of the management mechanisms out of plain
sight?
Marc
-----Original Message-----
From: Mehmet Akcin [mailto:mehmet@akcin.net]
Sent: Tuesday, December 29, 2009 6:03 AM
To: NANOG list
Subject: Re: ip-precedence for management traffic
On Dec 29, 2009, at 2:07 AM, Dobbins, Roland wrote:
>
> On Dec 29, 2009, at 6:02 PM, Luca Tosolini wrote:
>
>> this leaves out only ipp 7 for management traffic, on the premise that routing and management should not share the same queue and resources.....
>
> Management-plane traffic should be sent/received via your DCN/OOB network, so that it's not competing with customer traffic nor subject to network partitions or other disruptive events. It should not be co-mingled with traffic on the production network.
Agreed, it's very important to have a management network that is
reachable while you are under DDoS or some kind of mess you or someone
else has created. Often having something like an ADSL-like connection
will save trips to colo and will give you nice abilities to work on
stuff when combined with serial management tools.
Mehmet