On 23/12/2025 19:51:54, "Lukasz Bromirski via NANOG" <nanog@lists.nanog.org> wrote:
On 23 Dec 2025, at 20:04, Saku Ytti via NANOG <nanog@lists.nanog.org> wrote:
And I will apologise for all of us customers, we are wrong, you were right with CMP, you were right with BMC. It is a blind spot we have and we need education.
Too soon, it will take a whole infra refresh cycle for such a change to be adopted. Something that is in one product generation is not going to get much use. New things get mingled with old things all connected to old OOB. All the old things need the new tech before we can get rid of the old OOB and in our case it does not change the OOB much, just another ethernet port instead of a serial port.
I lead platform (hardware) development for Cisco Firewalls. I can tell you that during my discussions with all of our customers, from biggest to smallest ones, security folks don't appreciate fully dedicated, separate out-of-band management ports, with their own OS that's available no-matter-what.
It will just sit alongside the control plane management ethernet port so probably no advantage to them for the few occasions that port locks up. When it does lock up they just send a tech or use the PDU relay to switch it off and on again. I'm even fine with it remaining serial. As an original Sun LOM adopter I value the LOM being really simple and not another OS with added attack surface to maintain. A built-in BMC sharing ports with other stuff sounds less reliable to me.
And even *I* have LTE access to my own rack(s), including console ports.
We just use ISR 4451: serial, ethernet, 4G, sfp for OOB waves, dual psu, big spare SM slot to hide the rPI DMZ host, all in one box. Only external part is the managed PDU.

brandon