nanog mailing list archives

Re: OOB


From: harbor235 <harbor235 () gmail com>
Date: Tue, 26 Jul 2011 10:39:06 -0400

By VPN I meant a L3VPN for management only functions, and if there is a
L3VPN for management does anyone extend that to managed CERs? I assumed
running an MPLS SP core, sorry.

I think a remote kit for console, ethernet, power is pretty standard. I am
really interested in the other management data for overall management like
monitoring, flowdata, traffic analysis, authentication, logging, etc ....
Is this done in band or on the dedicated OOB network?

mike

On Tue, Jul 26, 2011 at 10:31 AM, Pierre-Yves Maunier <nanog () maunier org> wrote:

Hello,

To administrate our core backbone routers, management is done inband, the
OOB is only for backup solution when the router is not reachable.
Other things (like our DWDM infrastructure which is RFC1918 addressed), we
use the OOB for the administration.

Our OOB is done this way:

Our principal core infrastructure is in Paris and we have our own dark
fiber backbone there, we decided to have a 'core oob infrastructure': a
layer 2 network dedicated for the OOB is built to cover all our pops (with
spanning tree for path protection) on dedicated dark fibers. On all pops we
have console servers (Opengear) that allow us to access our routers' console
ports remotely.
We also have 2 small Juniper firewalls in cluster to connect the 'outside
Paris' remote sites with VPNs.

On the pops outside Paris we have a basic layer 2 switch, a firewall, a
console server and we take IP connectivity from somebody onsite, the
firewall has a VPN to the 'core oob infrastructure' in Paris which allows us
to access everything.

The IP connectivity on the core oob infrastructure is provided by our
network with a backup IP connectivity from another provider which allows us
to access everything in our backbone in case of a total blackout on our AS.

Pierre-Yves

 2011/7/26 harbor235 <harbor235 () gmail com>

I am curious what is the best practice for OOB for a core infrastructure
environment. Obviously, there is an OOB kit for customer managed devices
via POTS, Ethernet, etc ... And there is OOB for core infrastructure
typically a separate basic network that utilizes diverse carrier and
diverse path when available.

My question is, is it best practice to extend an inband VPN throughout for
device management functions as well? And are all management services
performed OOB, e.g. network management, some monitoring, logging,
authentication, flowdata, etc ..... If a management VPN is used is it also
extended to managed customer devices?

What else can be done for remote management and troubleshooting
capabilities?

Mike





