[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


By VPN I meant a L3VPN for management only functions, and if there is a
L3VPN for management
does anyone extend that to managed CERs? I assumed running and MPLS SP core,

I think a remote kit for console, ethernet, power is pretty standard I am
really interested in the other management
data for overall management like monitoring, flowdata, traffic analaysis,
authentication, logging, etc ....
Is this done in band or onthe dedicated OOB network?


On Tue, Jul 26, 2011 at 10:31 AM, Pierre-Yves Maunier <nanog at maunier.org>wrote:

> Hello,
> to administrate our core backbone routers, management is done inband, the
> OOB is only for backup solution when the router is not reachable.
> Others things (like our DWDM infrastructure which is RFC1918 addressed), we
> use the OOB for the administration.
> Our OOB is done this way :
> Our principal core infrastructure is in Paris and we have our own dark
> fiber backbone there, we decided to have a 'core oob infrastructure' :  a
> layer 2 network dedicated for the OOB is built to cover all our pops (with
> spanning tree for path protection) on dedicated dark fibers. On all pops we
> have console servers (Opengear) that allow to access our routers console
> ports remotely.
> We also have 2 smalls Juniper firewalls in cluster to connect the 'outside
> Paris' remote sites with VPNs.
> On the pops outside Paris we have a basic layer 2 switch, a firewall, a
> console server and we take IP connectivity from somebody onsite, the
> firewall has a VPN to the 'core oob infranstructure' in Paris which allow us
> to access everything.
> The IP connectivity on the core oob infrastructure is provided by our
> network with a backup IP connectivity from another provider which allow us
> to access everything in our backbone in case of a total blackout on our AS.
> Pierre-Yves
>  2011/7/26 harbor235 <harbor235 at gmail.com>
>> I am curious what is the best practice for OOB for a core
>> infrastructure environment. Obviously, there is
>> an OOB kit for customer managed devices via POTS, Ethernet, etc ... And
>> there is OOB for core infrastructure
>> typically a separate basic network that utilizes diverse carrier and
>> diverse
>> path when available.
>> My question is, is it best practice to extend an inband VPN throughout for
>> device management functions as well?
>> And are all management services performed OOB, e.g network management,
>> some
>> monitoring, logging,
>> authentication, flowdata, etc ..... If a management VPN is used is it also
>> extended to managed customer devices?
>> What else is can be done for remote management and troubleshooting
>> capabilities?
>> Mike