For our out-of-band management we do a number of things based on the customer:

1. All sites must provide an ISDN dial-in to a customer router, giving us telnet access from a large central secured RAS. The NOC team telnet to the RAS and type

   ras>customer_name
   Conecting to 1.1.1.1

   A very small number of staff can view the config of this RAS; everyone else can just type "customer_name", they cannot even look up these from the RAS. You either know the name or you get zip. Without this access the customer's SLA for support calls is zip. They will get 4 hours HW swap only.

2. NOC Monitored customers: we will use a diverse FR PVC; this gives IP access to all the routers from behind layers of firewalls/secureid. We also use an Async link from our remote router to at least one Core router's console/aux. This is very useful for spotting things like power problems and crashed routers. All these sites will also include option 1 as the NOC team does *not* have direct IP access only telnet for SW upgrades a senior NOC manager has to be involved.

3. IPSec tunnels: this is a new thing for us and it's only starting to emerge, and it is nearly always backed by option 1.

4. Async modems attached to console/AUX ports; this is managed in the same way as option 1. This is only used when ISDN is not an option, for example to manage a lot of kit in remote telecoms shelves which do not support ISDN.

5. For the telecoms side we mostly depend on the inband signalling, and some core SDH/ATM sites will have out-of-band using a combination of the above. In fact the last time I asked I was told they run X.25 pad, IP over X.25, IP over D channel, LAPD over timeslots, Async IP tunnelling, CLNS over just about everything and 600 modems.

The biggest problem by far is managing past your out-of-band port. I don't know how many customers are running 10.x.x.x, so polling for stats using Openview became such a pain. We came up with another solution ;-).

Regards,
Kevin

-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of Sean Donelan
Sent: 05 November 2001 21:48
To: nanog@merit.edu
Subject: Re: out-of-band network experiences

On Mon, 5 Nov 2001, Michael Chang wrote:
I would appreciate if you could share your experiences of setting up out-of-band management networks especially large # 50 - 100+ sites. Appreciate your experiences on the following and any other:

Most providers rely on dialup async terminal/console port access as their out-of-band management network. It is generally a terminal server connected to the equipment console ports, with a dialup modem for external access.

A few (very few) providers have a dedicated out-of-band management network. Generally a frame-relay circuit to a management hub/router connected to the async terminal server and low-speed (10 meg) ethernet port on some routers. One problem with high-end routers, it is either expensive (lost opportunity cost) or impossible to connect low-speed circuits to high-end routers.

Non-facility based providers often purchase their out-of-band circuits from a different provider than their primary circuits. AT&T is a popular supplier for out-of-band management networks. AT&T may not be price/competitive for high-bandwidth circuits, but for 64k/128k frame-relay management links, it may make sense.

Carrier/facility based providers tend to use their own facilities. Yep, facility based providers have cut their own facilities in the past, including one provider which took their own NOC off-line for most of a day.