Tue, Dec 23, 2025 at 08:51:54PM +0100, Lukasz Bromirski via NANOG:
> I'm pretty sure you're half-joking and half-not, but that's the reality. I lead platform (hardware) development for Cisco Firewalls. I can tell you that during my discussions with all of our Customers, from the biggest to the smallest ones, security folks don't appreciate fully dedicated, separate out-of-band management ports with their own OS that's available no matter what.
I'd expect that, from a security perspective, one problem is that BMCs are often neglected by both the customer and the mfg. E.g., they often never receive a s/w update for the life of the product, or the update procedure is arcane and unautomatable; both, like SMC, and unacceptable. Regardless, maybe provide a jumper to disable the BMC, like SMC does? Provide a SKU that comes with it disabled, if you must. It might not fit all user scenarios, but a BMC port that is shared with the mgmt port, per-RP, would also save mgmt network ports, like some SMC boards. And just have a CLI and a command that connects to a tty on the RP. No GUIs, no curses magic, no menus; KISS. Sun's LOM was a great impl.
> - you vote with your wallets
How much is really saved? Is it actually a noticeable cost? Make it a daughter card?