[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


As far as best practices, I'm not sure. 

I've generally built an out of band network for the express purpose of saving my behind in the event of an unanticipated traffic problem on the primary network. Secondarily it allows secured access to equipment, and you can monitor (which is often not secure, read snmp) on it as well. However, I've never tried to extend one beyond a facility or campus exactly. 

Lots depends on the type of network you're talking about and equipment you're using though.


Sent from my iPad which loves to "correct" my typing with interesting results.

On Jul 26, 2011, at 7:03 AM, "Paul Stewart" <paul at paulstewart.org> wrote:

> We do everything in-band with strict monitoring/policies in place.
> Paul
> -----Original Message-----
> From: harbor235 [mailto:harbor235 at gmail.com] 
> Sent: Tuesday, July 26, 2011 9:57 AM
> To: NANOG list
> Subject: OOB
> I am curious what is the best practice for OOB for a core
> infrastructure environment. Obviously, there is
> an OOB kit for customer managed devices via POTS, Ethernet, etc ... And
> there is OOB for core infrastructure
> typically a separate basic network that utilizes diverse carrier and diverse
> path when available.
> My question is, is it best practice to extend an inband VPN throughout for
> device management functions as well?
> And are all management services performed OOB, e.g network management, some
> monitoring, logging,
> authentication, flowdata, etc ..... If a management VPN is used is it also
> extended to managed customer devices?
> What else is can be done for remote management and troubleshooting
> capabilities?
> Mike