Re: OOB

[Eric Clark <cabenth () gmail com>]

As far as best practices, I'm not sure. 

I've generally built an out of band network for the express purpose of saving my behind in the event of an 
unanticipated traffic problem on the primary network. Secondarily it allows secured access to equipment, and you can 
monitor (which is often not secure, read snmp) on it as well. However, I've never tried to extend one beyond a facility 
or campus exactly. 

Lots depends on the type of network you're talking about and equipment you're using though.

E


Sent from my iPad which loves to "correct" my typing with interesting results.

On Jul 26, 2011, at 7:03 AM, "Paul Stewart" <paul () paulstewart org> wrote:

> We do everything in-band with strict monitoring/policies in place.
>
> Paul
>
>
> -----Original Message-----
> From: harbor235 [mailto:harbor235 () gmail com] 
> Sent: Tuesday, July 26, 2011 9:57 AM
> To: NANOG list
> Subject: OOB
>
> I am curious what is the best practice for OOB for a core
> infrastructure environment. Obviously, there is
> an OOB kit for customer managed devices via POTS, Ethernet, etc ... And
> there is OOB for core infrastructure
> typically a separate basic network that utilizes diverse carrier and diverse
> path when available.
>
> My question is, is it best practice to extend an inband VPN throughout for
> device management functions as well?
> And are all management services performed OOB, e.g network management, some
> monitoring, logging,
> authentication, flowdata, etc ..... If a management VPN is used is it also
> extended to managed customer devices?
>
> What else is can be done for remote management and troubleshooting
> capabilities?
>
> Mike