nanog mailing list archives

Re: OOB


From: Pierre-Yves Maunier <nanog () maunier org>
Date: Tue, 26 Jul 2011 16:31:18 +0200

Hello,

To administer our core backbone routers, management is done in-band; the
OOB is only a backup solution for when a router is not reachable.
For other things (like our DWDM infrastructure, which is RFC1918-addressed), we
use the OOB for administration.

Our OOB is done this way:

Our principal core infrastructure is in Paris, where we have our own dark fiber
backbone, so we decided to have a 'core OOB infrastructure': a layer 2
network dedicated to the OOB is built on dedicated dark fibers to cover all our
PoPs (with spanning tree for path protection). At all PoPs we have
console servers (Opengear) that allow us to access our routers' console ports
remotely.
We also have 2 small Juniper firewalls in a cluster to connect the 'outside
Paris' remote sites with VPNs.

At the PoPs outside Paris we have a basic layer 2 switch, a firewall and a
console server, and we take IP connectivity from somebody onsite; the
firewall has a VPN to the 'core OOB infrastructure' in Paris, which allows us
to access everything.

The IP connectivity of the core OOB infrastructure is provided by our
network, with backup IP connectivity from another provider, which allows us
to access everything in our backbone in case of a total blackout on our AS.

Pierre-Yves

2011/7/26 harbor235 <harbor235 () gmail com>

I am curious what the best practice is for OOB in a core
infrastructure environment. Obviously, there is
an OOB kit for customer-managed devices via POTS, Ethernet, etc. And
there is OOB for core infrastructure,
typically a separate basic network that utilizes diverse carriers and
diverse paths when available.

My question is: is it best practice to extend an in-band VPN throughout for
device management functions as well?
And are all management services performed OOB, e.g. network management, some
monitoring, logging,
authentication, flow data, etc.? If a management VPN is used, is it also
extended to managed customer devices?

What else can be done for remote management and troubleshooting
capabilities?

Mike
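The design Pierre-Yves describes only delivers on "access everything in case of a total blackout on our AS" if no OOB path silently depends on the in-band network. The following is an added example, not code from the thread or from either poster: a small dependency model of that kind of OOB layout (dark-fibre layer 2 ring in Paris with console servers at each PoP, remote PoPs reached through a firewall VPN over third-party IP, with the Paris end served by either own-AS transit or a backup provider) that can be queried with failure scenarios. The site names, link tags and topology are constructed assumptions for illustration, not the poster's real network.

```python
from collections import deque

# Constructed topology (assumption: site names, tags and links are
# illustrative, not the poster's real network).
# Each link: (a, b, {dependency tags}). A link is down when any of its tags
# is in the failure set, so a single tag can model a cut fibre, a dead switch,
# a lost third-party uplink, or a whole-AS blackout.
LINKS = [
    # Paris: dedicated OOB layer 2 ring on own dark fibre. Spanning tree
    # blocks one segment and re-opens it when another is cut, so the ring
    # tolerates any single fibre cut.
    ("noc",        "paris-pop1", {"fibre-noc-pop1"}),
    ("paris-pop1", "paris-pop2", {"fibre-pop1-pop2"}),
    ("paris-pop2", "paris-pop3", {"fibre-pop2-pop3"}),
    ("paris-pop3", "noc",        {"fibre-pop3-noc"}),
    # Console servers hang off the OOB switch at each Paris PoP.
    ("paris-pop1", "cs-paris-pop1", {"oob-switch-pop1"}),
    ("paris-pop2", "cs-paris-pop2", {"oob-switch-pop2"}),
    ("paris-pop3", "cs-paris-pop3", {"oob-switch-pop3"}),
    # Remote PoP: its firewall builds a VPN to the core OOB firewalls. The
    # VPN needs the remote site's third-party IP uplink and, at the Paris
    # end, either own-AS transit or the backup provider's IP connectivity.
    ("noc", "lyon-fw", {"lyon-local-ip", "own-as"}),
    ("noc", "lyon-fw", {"lyon-local-ip", "backup-isp"}),
    ("lyon-fw", "cs-lyon", {"lyon-oob-switch"}),
]

CONSOLE_SERVERS = sorted({n for a, b, _ in LINKS for n in (a, b)
                          if n.startswith("cs-")})


def reachable(links, failed, src="noc"):
    """Nodes reachable from src over links whose dependencies all survive."""
    adj = {}
    for a, b, deps in links:
        if deps & failed:          # any failed dependency takes the link down
            continue
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    seen, queue = {src}, deque([src])
    while queue:
        n = queue.popleft()
        for m in adj.get(n, ()):
            if m not in seen:
                seen.add(m)
                queue.append(m)
    return seen


def lost_consoles(failed, links=LINKS):
    """Console servers the NOC can no longer reach under a failure scenario."""
    up = reachable(links, set(failed))
    return [cs for cs in CONSOLE_SERVERS if cs not in up]


def single_points_of_failure(links=LINKS):
    """Map each single dependency whose loss cuts off at least one console
    server to the servers it takes away. Anything listed here is something
    the OOB still depends on; 'own-as' must not appear if the design goal
    of surviving a total AS blackout is met."""
    tags = sorted({t for _, _, deps in links for t in deps})
    spof = {}
    for t in tags:
        lost = lost_consoles({t}, links)
        if lost:
            spof[t] = lost
    return spof


if __name__ == "__main__":
    print("AS blackout loses:", lost_consoles({"own-as"}))
    print("AS blackout + backup ISP down loses:",
          lost_consoles({"own-as", "backup-isp"}))
    print("Single points of failure:", single_points_of_failure())
```

Running it shows the point of the layout: an own-AS blackout alone costs nothing, because the Paris ring is on private dark fibre and the remote VPN falls back to the backup provider, while the remote PoP remains exposed to its onsite third-party uplink, which is exactly the residual dependency such a design accepts. Adding a link whose tags include "own-as" for a Paris console server would immediately surface it as a single point of failure, which is the check worth running whenever an OOB path is changed.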


