As far as best practices, I'm not sure. I've generally built an out-of-band network for the express purpose of saving my behind in the event of an unanticipated traffic problem on the primary network. Secondarily, it allows secured access to equipment, and you can monitor (which is often not secure, read SNMP) on it as well. However, I've never tried to extend one beyond a facility or campus exactly. Lots depends on the type of network you're talking about and equipment you're using, though.
E
Sent from my iPad which loves to "correct" my typing with interesting results.
On Jul 26, 2011, at 7:03 AM, "Paul Stewart" <paul@paulstewart.org> wrote:
We do everything in-band with strict monitoring/policies in place.
Paul
-----Original Message-----
From: harbor235 [mailto:harbor235@gmail.com]
Sent: Tuesday, July 26, 2011 9:57 AM
To: NANOG list
Subject: OOB
I am curious what is the best practice for OOB for a core infrastructure environment. Obviously, there is an OOB kit for customer-managed devices via POTS, Ethernet, etc. And there is OOB for core infrastructure, typically a separate basic network that utilizes diverse carrier and diverse path when available.
My question is, is it best practice to extend an in-band VPN throughout for device management functions as well? And are all management services performed OOB, e.g. network management, some monitoring, logging, authentication, flow data, etc.? If a management VPN is used, is it also extended to managed customer devices?
What else can be done for remote management and troubleshooting capabilities?
Mike