Hello,

To administer our core backbone routers, management is done in-band; the OOB is only a backup solution for when a router is not reachable. For other things (like our DWDM infrastructure, which is RFC1918 addressed), we use the OOB for administration.

Our OOB is done this way: our principal core infrastructure is in Paris and we have our own dark fiber backbone there, so we decided to have a 'core OOB infrastructure': a layer 2 network dedicated to the OOB is built to cover all our PoPs (with spanning tree for path protection) on dedicated dark fibers. In all PoPs we have console servers (Opengear) that allow us to access our routers' console ports remotely. We also have two small Juniper firewalls in a cluster to connect the remote sites outside Paris with VPNs.

In the PoPs outside Paris we have a basic layer 2 switch, a firewall and a console server, and we take IP connectivity from somebody on site; the firewall has a VPN to the 'core OOB infrastructure' in Paris, which allows us to access everything. The IP connectivity on the core OOB infrastructure is provided by our network, with backup IP connectivity from another provider, which allows us to access everything in our backbone in case of a total blackout on our AS.

Pierre-Yves

2011/7/26 harbor235 <harbor235@gmail.com>
I am curious what the best practice is for OOB in a core infrastructure environment. Obviously, there is an OOB kit for customer-managed devices via POTS, Ethernet, etc., and there is OOB for core infrastructure, typically a separate basic network that utilizes a diverse carrier and diverse path when available.
My question is, is it best practice to extend an in-band VPN throughout for device management functions as well? And are all management services performed OOB, e.g. network management, some monitoring, logging, authentication, flow data, etc.? If a management VPN is used, is it also extended to managed customer devices?
What else can be done for remote management and troubleshooting capabilities?
Mike
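The design Pierre-Yves describes only pays off if the OOB core stays reachable when his own AS is dark, that is, if the backup circuit from the other provider really avoids the production AS and its transit. The script below is an added example, not code from either poster: it parses two Unix traceroute outputs (one in-band, one to the OOB firewall's public VPN endpoint), maps each public hop to an origin AS and reports whether the OOB path crosses the production AS or shares an upstream with the in-band path. All hostnames, addresses and AS numbers are constructed (RFC 5737 documentation ranges, private-use ASNs), and the prefix-to-ASN table is a stand-in for a route-views or IRR lookup.

```python
"""Path-diversity check for an OOB management network.

Added illustration, not from the original thread. Hostnames, addresses and AS
numbers are constructed; PREFIX_TO_ASN stands in for a real origin lookup.
"""
import ipaddress
import re

OUR_ASN = 64500  # the production AS whose total blackout the OOB must survive

# Constructed origin table; in practice fed from route-views/RIPEstat or IRR data.
PREFIX_TO_ASN = {
    "192.0.2.0/24": 64500,      # production backbone (in-band management)
    "198.51.100.0/24": 64501,   # transit provider used by the production AS
    "203.0.113.0/24": 64502,    # independent provider feeding the OOB core
    "203.0.113.128/25": 64503,  # local ISP giving a remote PoP its uplink
}
_NETWORKS = [(ipaddress.ip_network(p), a) for p, a in PREFIX_TO_ASN.items()]
_RFC1918 = [ipaddress.ip_network(p)
            for p in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
_HOP_LINE = re.compile(r"^\s*(\d+)\s+(.*)$")
_IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def parse_traceroute(text):
    """Responding IP per hop, in order; header lines skipped, '* * *' -> None."""
    hops = []
    for line in text.splitlines():
        m = _HOP_LINE.match(line)
        if not m:
            continue
        ip = _IPV4.search(m.group(2))
        hops.append(ip.group(1) if ip else None)
    return hops


def is_rfc1918(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in _RFC1918)


def asn_for(ip):
    """Longest-prefix match of a public hop against the table; None if unknown."""
    addr = ipaddress.ip_address(ip)
    best = None
    for net, asn in _NETWORKS:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, asn)
    return best[1] if best else None


def path_asns(hops):
    """Ordered, de-duplicated ASNs a path crosses.

    RFC1918 hops are skipped: in this design they are the OOB core itself, not
    transit. Unknown public hops are skipped here and reported separately.
    """
    asns = []
    for ip in hops:
        if ip is None or is_rfc1918(ip):
            continue
        asn = asn_for(ip)
        if asn is not None and asn not in asns:
            asns.append(asn)
    return asns


def check_independence(inband_trace, oob_trace, our_asn=OUR_ASN):
    """Compare the in-band path with the path to the OOB VPN endpoint.

    The final hop counts too: an OOB firewall addressed out of the production
    AS would vanish with it, which is exactly the case the OOB exists for.
    """
    oob_hops = parse_traceroute(oob_trace)
    inband = path_asns(parse_traceroute(inband_trace))
    oob = path_asns(oob_hops)
    unknown = [ip for ip in oob_hops
               if ip is not None and not is_rfc1918(ip) and asn_for(ip) is None]
    return {
        "oob_transits_our_as": our_asn in oob,
        "shared_upstreams": sorted((set(inband) & set(oob)) - {our_asn}),
        "oob_unknown_hops": unknown,  # resolve these before trusting the verdict
    }


# Constructed traceroute output from an admin host at a remote PoP.
INBAND_TRACE = """\
traceroute to core1.paris.example (192.0.2.1), 30 hops max, 60 byte packets
 1  site-rtr.lyon.example (192.0.2.20)  0.5 ms
 2  xe-0-1.transit-a.example (198.51.100.1)  5.1 ms
 3  edge1.paris.example (192.0.2.3)  9.9 ms
 4  core1.paris.example (192.0.2.1)  10.2 ms
"""
OOB_GOOD_TRACE = """\
traceroute to oob-fw.paris.example (203.0.113.10), 30 hops max, 60 byte packets
 1  onsite-gw.lyon.example (203.0.113.129)  4.1 ms
 2  * * *
 3  bb1.backup-isp.example (203.0.113.1)  7.2 ms
 4  oob-fw.paris.example (203.0.113.10)  8.0 ms
"""
OOB_BAD_TRACE = """\
traceroute to oob-fw.paris.example (203.0.113.10), 30 hops max, 60 byte packets
 1  onsite-gw.lyon.example (203.0.113.129)  4.1 ms
 2  100.64.0.1  6.0 ms
 3  xe-0-2.transit-a.example (198.51.100.5)  7.2 ms
 4  edge1.paris.example (192.0.2.3)  8.8 ms
 5  oob-fw.paris.example (203.0.113.10)  9.0 ms
"""

if __name__ == "__main__":
    for label, trace in (("good", OOB_GOOD_TRACE), ("bad", OOB_BAD_TRACE)):
        print(label, check_independence(INBAND_TRACE, trace))
```

In the "bad" trace the supposedly independent circuit hands off to the same transit the production network uses and then rides through the production AS itself, so the OOB endpoint would be lost in exactly the blackout it is meant to survive; the unmapped hop is reported rather than silently ignored, since an unknown hop can hide the same dependency. A trace over an established IPsec tunnel only shows the tunnel, so run it against the firewall's public endpoint, as the constructed samples do.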