nanog mailing list archives

Re: OOB core router connectivity wish list


From: Saku Ytti <saku () ytti fi>
Date: Wed, 9 Jan 2013 18:48:03 +0200

On (2013-01-09 11:18 -0500), William Herrin wrote:

(a) This is a P2 not a P1. Asking the OOB to be critically dependent
on an external network element is dubious to begin with but even if
desired it's usable without.

Agreed that P2 suffices. The usage scenario is installing a fresh router. You
order a router from the vendor to a remote location, notsosmarthands plug it into
the wires, boom, you configure it remotely.

About the only time you'd strictly *need* dynamic configuration in an
OOB is when directly connecting it to a commodity Internet link. If
you're willing to give your poorly secured and rarely updated OOB a
public IP address, you're a braver man than I am. If you are that

This is not absolute truth, but depends on what hat you wear. If you are a DC
guy, you have a handful of POPs, and arranging a proper OOB network there is a
breeze.
If you are an incumbent, you can't buy anything externally, as everyone buys
from you, so you need to build a separate network just for OOB.

All other service providers may have hundreds of POPs; you're not going to
build a non-revenue-generating network to reach all those hundreds of POPs,
just to build OOB.
You get the cheapest connection you can get there, maybe competitor ADSL, cable
modem, 3G, public WLAN, ISDN, whatever is available which is not
fate-sharing with your network.
Then plug in, say, a Cisco CPE to the OOB port, which offers an address via DHCP
and connects over IPSEC DMVPN to your own network. 0 touch installation of a
new router. Some might be ghetto and omit the CPE and use IPSEC from the
management plane to openswan linux.

(b) IPv6-only in an OOB won't be broadly acceptable for at least
another 5 years if then. You'd be foolish not to include IPv6 support
in a greenfield design -- the writing is on the wall -- but there are
today very few scenarios in which an IPv4 only OOB would not be
usable.

Agreed. IPv4 would be priority for most.

For security and performance reasons, FTP has no place in a modern
network. If you're still using it anywhere, you're borrowing grief.
Replace with an http/https client.

http(s), scp would be my picks. Hell with FTP. 

TFTP has such a strong legacy of use on routers that its presence
remains just barely tolerable. For now.

There is no standard way to send arbitrary size files over TFTP, not worth
the pain.

-- 
  ++ytti

