[152275] in North American Network Operators' Group
Re: Securing OOB
daemon@ATHENA.MIT.EDU (Saku Ytti)
Mon Apr 23 09:32:28 2012
Date: Mon, 23 Apr 2012 16:31:11 +0300
From: Saku Ytti <saku@ytti.fi>
To: nanog@nanog.org
In-Reply-To: <0C22BF8A-8D00-4DE1-9733-D5746BC0FF60@ukbroadband.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On (2012-04-23 12:45 +0000), Leigh Porter wrote:
> I have juniper SRX110s that use the magic new multi site IPSec thing.
+1. This is the way to roll OOB, CPE (Cisco ISR, Juniper SRX), RS232
console server (opengear, avocent) and switch if you happen to have modern
gear which support proper OOB like Nexus7k, and not enough ports in the
CPE.
OOB CPE could be reused for other functions to justify cost, like DCN
router, both SRX and ISR have models doing CLNS routing.
With correct CPE, same CPE can do 3G, ADSL and ethernet, depending on what
is available in given site.
Some RS232 console servers do deliver subset of needed features, like 3G,
IPSEC and Ethernet might be there. But that does not mean that it'll be
OPEX nor CAPEX chaper to try to do it all in one box.
--
++ytti
