nanog mailing list archives
RE: Proper authentication model
From: "Hannigan, Martin" <hannigan () verisign com>
Date: Wed, 12 Jan 2005 10:16:20 -0500
-----Original Message----- From: owner-nanog () merit edu [mailto:owner-nanog () merit edu]On Behalf Of Iljitsch van Beijnum Sent: Wednesday, January 12, 2005 6:25 AM To: Gernot W. Schmied Cc: NANOG list Subject: Re: Proper authentication model On 12-jan-05, at 11:30, Gernot W. Schmied wrote:True out of band management networks are very hard tobuild and veryhard to use, and you run the risk that you can't get at your stuff because the management network is down.IS-IS can be highly recommended for true out of bandmanagement, it isreachable when IP goes down the drain entirely.To me, true "out of band management" means that the management traffic doesn't flow over production links. You are right that IS-IS can continue to function when IP is confused (although with integrated IS-IS OSI will probably be just as confused as IP). But IS-IS isn't a management protocol, of course. :-)
Out of band management isn't telnetting from your desktop to the serial port. Mgmt and surveillance is the Bellcore standard for out of band. It means your M/S is not riding your customer or public networks, and it's physically seperate. Yes, this is the cadillac method, but the only way to support five nines IMHO. If you have 3 sites and they're interconnected via an OC3 and the internet, you would also have 2 frame or ppp circuits seperately connecting the terminal server network. You'd do the different path, different provider, etc. on these circuits. The ts' would be connected to the hub. If that failed, or the machine was DOA, serial port. A TS may have a modem at each site for the hail mary connection.
IPv6 is also very useful in providing non-IPv4 management.
I always knew you could get deer meat from a deer.
Current thread:
- Re: Proper authentication model, (continued)
- Re: Proper authentication model Iljitsch van Beijnum (Jan 12)
- Re: Proper authentication model David Gethings (Jan 12)
- Re: Proper authentication model Erik Haagsman (Jan 12)
- Re: Proper authentication model Daniel Golding (Jan 12)
- Re: Proper authentication model Erik Haagsman (Jan 13)
- Re: Proper authentication model Gernot W. Schmied (Jan 16)
- Re: Proper authentication model Joe Abley (Jan 11)
- Re: Proper authentication model Stephen Stuart (Jan 12)
- Re: Proper authentication model Joe Abley (Jan 12)
- RE: Proper authentication model Steve Gibbard (Jan 12)
- Re: Proper authentication model Joe Abley (Jan 12)
- Re: Proper authentication model Daniel Golding (Jan 12)
- Re: Proper authentication model Michael . Dillon (Jan 13)
- Re: Proper authentication model Owen DeLong (Jan 13)
- Re: Proper authentication model John Bittenbender (Jan 16)