[77186] in North American Network Operators' Group
Re: Proper authentication model
daemon@ATHENA.MIT.EDU (Gernot W. Schmied)
Sun Jan 16 06:20:13 2005
Date: Sun, 16 Jan 2005 12:19:37 +0100
From: "Gernot W. Schmied" <gernot.schmied@chello.at>
To: NANOG list <nanog@merit.edu>
In-Reply-To: <A52A4B9C-648C-11D9-8E23-000A95CD987A@muada.com>
Errors-To: owner-nanog-outgoing@merit.edu
Iljitsch van Beijnum wrote:
>
> On 12-jan-05, at 11:30, Gernot W. Schmied wrote:
>
>>> True out of band management networks are very hard to build and very
>>> hard to use, and you run the risk that you can't get at your stuff
>>> because the management network is down.
>
>
>> IS-IS can be highly recommended for true out of band management, it is
>> reachable when IP goes down the drain entirely.
>
>
> To me, true "out of band management" means that the management traffic
> doesn't flow over production links. You are right that IS-IS can
> continue to function when IP is confused (although with integrated IS-IS
> OSI will probably be just as confused as IP). But IS-IS isn't a
> management protocol, of course. :-)
>
> IPv6 is also very useful in providing non-IPv4 management.
>
>
True, but integrated IS-IS is not true IS-IS strictly speaking. I am
referring to ISO CLNS/CLNP, who actually needs IP if you have other fine
network layer protocols alt your disposal ,-)?
I used to recommend this measure in combination with BRI ISDN management
lines, it's affordable and works without constantly testing analog
dialin. A dedicated infrastructure beyond that measure simply is not
justifiable economically. Besides, SDH and DWDM use separate management
approaches as well, so does SS7 infrastructure. It is always a
combination. Some people also use management VCIs/DLCIs which does not
buy you much.
my 0.02$,
Gernot
