[143081] in North American Network Operators' Group


Re: OOB

daemon@ATHENA.MIT.EDU (PC)
Wed Jul 27 16:43:13 2011

In-Reply-To: <CAL9jLaZ0So34Am_JLddtSsGbVSXVK=aW6uyoWcY8XTNGwMv4iw@mail.gmail.com>
Date: Wed, 27 Jul 2011 14:42:29 -0600
From: PC <paul4004@gmail.com>
To: Christopher Morrow <morrowc.lists@gmail.com>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

If you can make a phone call, it generally works acceptably enough for a
basic SSH session.  Lock the session at 1xRTT (if using CDMA) if you still
have problems (slow) and it will use what amounts to a voice channel.  In
the USA, Verizon 4G LTE also offers some better in-building penetration
simply due to the spectrum used (700 MHz).

On the 3G deployment I did, I built an IPsec VPN to the provider and have a
private IP assigned directly to the cellular device instead of individual
VPNs per console server.

As for Equinix in particular, you might be able to use the house Wi-Fi
instead for your VPN...

Many vendors have 3G/Wi-Fi console servers (or both) that auto-VPN home.  I
can't see a good reason to use analog lines anymore unless 3G isn't
serviceable at the location.  If you can't afford a 3G device, you can roll
your own with any cheap router running DD-WRT or OpenWRT + usb ports +
usr/serial dongles.  Use "ser2net" to handle the interface between TCP and a
serial port (but one could connect and use screen/whatever if they wanted).


On Tue, Jul 26, 2011 at 8:33 PM, Christopher Morrow <morrowc.lists@gmail.com> wrote:

> On Tue, Jul 26, 2011 at 5:34 PM, Måns Nilsson <mansaxel@besserwisser.org> wrote:
> > Subject: Re: OOB Date: Tue, Jul 26, 2011 at 10:14:21AM -0400 Quoting Christopher Morrow (morrowc.lists@gmail.com):
> >> On Tue, Jul 26, 2011 at 10:03 AM, Paul Stewart <paul@paulstewart.org> wrote:
> >> > We do everything in-band with strict monitoring/policies in place.
> >>
> >> what do you do if your in-band fails? if a router/switch/ROADM is
> >> isolated from the rest of your network?
> >> (isn't that the core point of the OP?)
> >
> > Vendor C sells nice small routers with something like CAB-OCTAL-ASYNC
> > _and_ a 3G modem instead of the BRI port. The 3G modem keeps its
> > connection up (our telecom provider has true flat rate on domestic 3G,
> > YMMV) and VPN's to the head office much like any other telecommuter. This
> > cuts through all telco stupidity with firewalled or NAT'ed 3G phones
> > etc, especially if one uses the break-out-from-hotel-LAN functions of
> > the VPN system. The router of course actively keeps the VPN up and
> > reestablishes it if needed.
>
> how well does that work inside a big metal box like equinix?
>
> You are, of course, just making a singular point: "Find something to
> make yourself an OOB network, hey this thing does vpn over 3g, neato!"
> I agree, it's neat.. it may not fit all square holes, sometimes you
> need a round or triangle shaped plug.
>
>
