nanog mailing list archives
Re: OOB
From: Christopher Morrow <morrowc.lists () gmail com>
Date: Tue, 26 Jul 2011 11:09:25 -0400
On Tue, Jul 26, 2011 at 11:04 AM, Paul Stewart <paul () paulstewart org> wrote:
Honestly - in our core network, this has only happened once in almost 10 years... seriously. Everything in our core networks is redundant ... yes, I know redundancy breaks of course ;)
I hear you.
When it did happen, we had remote hands reboot the equipment and everything was restored in approximately 30 minutes.
lucky that the breakage wasn't in east-elbonia...cause that does suck. "yea, we'll have to get someone on a plane, it'll be up in about 8 hrs..."
I'm not saying boldly that we won't get caught with our pants down some day - just that previous experience has shown us to be prepared for the worst and the worst hasn't occurred. We have looked at OOB options and it's been discussed many times - it just slips off the radar constantly. Maybe it's "once bitten, twice shy" that needs to occur for the priority to change again.
perhaps. but given a clean slate, would you: 1) live with more redundancy in the core and hope that you don't lose access to things downstream from a problem (or the problemchild itself) 2) think about a solution to provide OOB access via another infrastructure? Presume you can figure the costs as well so loss of a node/set-of-nodes SLA-wise is more expensive than 1yr of oob access? -chris
-----Original Message----- From: christopher.morrow () gmail com [mailto:christopher.morrow () gmail com] On Behalf Of Christopher Morrow Sent: Tuesday, July 26, 2011 10:14 AM To: Paul Stewart Cc: NANOG list Subject: Re: OOB On Tue, Jul 26, 2011 at 10:03 AM, Paul Stewart <paul () paulstewart org> wrote:We do everything in-band with strict monitoring/policies in place.what do you do if your in-band fails? if a router/switch/ROADM is isolated from the rest of your network? (isn't that the core point of the OP?)-----Original Message----- From: harbor235 [mailto:harbor235 () gmail com] Sent: Tuesday, July 26, 2011 9:57 AM To: NANOG list Subject: OOB I am curious what is the best practice for OOB for a core infrastructure environment. Obviously, there is an OOB kit for customer managed devices via POTS, Ethernet, etc ... And there is OOB for core infrastructure typically a separate basic network that utilizes diverse carrier anddiversepath when available. My question is, is it best practice to extend an inband VPN throughout for device management functions as well? And are all management services performed OOB, e.g network management,somemonitoring, logging, authentication, flowdata, etc ..... If a management VPN is used is it also extended to managed customer devices? What else is can be done for remote management and troubleshooting capabilities? Mike
Current thread:
- OOB harbor235 (Jul 26)
- Re: OOB Måns Nilsson (Jul 26)
- Re: OOB Christopher Morrow (Jul 26)
- Re: OOB Joel Jaeggli (Jul 26)
- Re: OOB Måns Nilsson (Jul 26)
- Re: OOB PC (Jul 27)
- Re: OOB Arnold Nipper (Jul 26)