Totally out of the box, but here goes: why don't we run the entire Internet management plane "out of band" so that customers have minimal ability to interact with routing updates, layer 3/4 protocols, DNS, etc.?

I don't mean 100% exclusion for all customers, but for the average Joe-customer (residential, business, etc., not the researcher, network operator, or clueful content provider) do they really need to have full access to the Internet mechanisms (routing, naming, numbering, etc.)? We already provide lots of proxy services for end users, so why not finish the job and move all of the management mechanisms out of plain sight?

Marc

-----Original Message-----
From: Mehmet Akcin [mailto:mehmet@akcin.net]
Sent: Tuesday, December 29, 2009 6:03 AM
To: NANOG list
Subject: Re: ip-precedence for management traffic

On Dec 29, 2009, at 2:07 AM, Dobbins, Roland wrote:
On Dec 29, 2009, at 6:02 PM, Luca Tosolini wrote:
this leaves out only ipp 7 for management traffic, on the premise that routing and management should not share the same queue and resources.....
Management-plane traffic should be sent/received via your DCN/OOB network, so that it's not competing with customer traffic nor subject to network partitions or other disruptive events. It should not be co-mingled with traffic on the production network.
Agreed, it's very important to have a management network that is reachable while you are under DDoS or some kind of mess you or someone else has created. Often having something like an ADSL-like connection will save trips to colo and will give you nice abilities to work on stuff when combined with serial management tools.

Mehmet