[142993] in North American Network Operators' Group
Re: OOB
daemon@ATHENA.MIT.EDU (Eric Clark)
Tue Jul 26 10:15:15 2011
In-Reply-To: <018501cc4b9c$bdb1f6c0$3915e440$@org>
From: Eric Clark <cabenth@gmail.com>
Date: Tue, 26 Jul 2011 07:14:18 -0700
To: Paul Stewart <paul@paulstewart.org>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
As far as best practices, I'm not sure.=20
I've generally built an out of band network for the express purpose of savin=
g my behind in the event of an unanticipated traffic problem on the primary n=
etwork. Secondarily it allows secured access to equipment, and you can monit=
or (which is often not secure, read snmp) on it as well. However, I've never=
tried to extend one beyond a facility or campus exactly.=20
Lots depends on the type of network you're talking about and equipment you'r=
e using though.
E
Sent from my iPad which loves to "correct" my typing with interesting result=
s.
On Jul 26, 2011, at 7:03 AM, "Paul Stewart" <paul@paulstewart.org> wrote:
> We do everything in-band with strict monitoring/policies in place.
>=20
> Paul
>=20
>=20
> -----Original Message-----
> From: harbor235 [mailto:harbor235@gmail.com]=20
> Sent: Tuesday, July 26, 2011 9:57 AM
> To: NANOG list
> Subject: OOB
>=20
> I am curious what is the best practice for OOB for a core
> infrastructure environment. Obviously, there is
> an OOB kit for customer managed devices via POTS, Ethernet, etc ... And
> there is OOB for core infrastructure
> typically a separate basic network that utilizes diverse carrier and diver=
se
> path when available.
>=20
> My question is, is it best practice to extend an inband VPN throughout for=
> device management functions as well?
> And are all management services performed OOB, e.g network management, som=
e
> monitoring, logging,
> authentication, flowdata, etc ..... If a management VPN is used is it also=
> extended to managed customer devices?
>=20
> What else is can be done for remote management and troubleshooting
> capabilities?
>=20
> Mike
>=20
>=20
