Totally out of the box, but here goes: why don't we run the entire Internet management plane "out of band"
This has been one of my favorite conversation-stoppers for years. The PSTN fought tooth and nail against the need for OOB control, but 2600hz was a problem that they could not solve, so they bucked up and paid for a control plane. Where do you think we'd be now if Phreakers, Inc. still had access to a PSTN with an audio frequency, inband control plane? Don't we insist on, and brag over, data/control seperation within our devices? Isn't it groovy when a frame is never seen by the switch's CPU/SUP? Sure, I'm streching the analogy a bit here to make a point: many of our problems arise from giving bearer traffic access to the control plane. If the world wants an internet that is as predictable and reliable as the PSTN, it'll bear the cost of protecting the control plane. A fundamental choice in the protection scheme is physical architecture. IB or OOB, it's always a good thing to be explicit in design decisions, and not adopt legacy/heritage decisions without consideration. David PS: If you want OOB access to your gear when your core switches freak out, don't let those switches touch any frame between your WAN link and console ports.