On Tue, Jul 26, 2011 at 11:04 AM, Paul Stewart <p...@paulstewart.org> wrote:
> Honestly - in our core network, this has only happened once in almost 10
> years... seriously. Everything in our core networks is redundant ... yes, I
> know redundancy breaks of course ;)
>

I hear you.

> When it did happen, we had remote hands reboot the equipment and everything
> was restored in approximately 30 minutes.
>

lucky that the breakage wasn't in east-elbonia...cause that does suck.
"yea, we'll have to get someone on a plane, it'll be up in about 8 hrs..."

> I'm not saying boldly that we won't get caught with our pants down some day
> - just that previous experience has shown us to be prepared for the worst
> and the worst hasn't occurred. We have looked at OOB options and it's been
> discussed many times - it just slips off the radar constantly. Maybe it's
> "once bitten, twice shy" that needs to occur for the priority to change
> again.

perhaps. but given a clean slate, would you:
  1) live with more redundancy in the core and hope that you don't lose
     access to things downstream from a problem (or the problem child itself)
  2) think about a solution to provide OOB access via another infrastructure?

Presume you can figure the costs as well so loss of a node/set-of-nodes
SLA-wise is more expensive than 1yr of oob access?

-chris

>
> -----Original Message-----
> From: christopher.mor...@gmail.com [mailto:christopher.mor...@gmail.com] On
> Behalf Of Christopher Morrow
> Sent: Tuesday, July 26, 2011 10:14 AM
> To: Paul Stewart
> Cc: NANOG list
> Subject: Re: OOB
>
> On Tue, Jul 26, 2011 at 10:03 AM, Paul Stewart <p...@paulstewart.org> wrote:
>> We do everything in-band with strict monitoring/policies in place.
>
> what do you do if your in-band fails? if a router/switch/ROADM is
> isolated from the rest of your network?
> (isn't that the core point of the OP?)
>
>> -----Original Message-----
>> From: harbor235 [mailto:harbor...@gmail.com]
>> Sent: Tuesday, July 26, 2011 9:57 AM
>> To: NANOG list
>> Subject: OOB
>>
>> I am curious what is the best practice for OOB for a core
>> infrastructure environment. Obviously, there is
>> an OOB kit for customer managed devices via POTS, Ethernet, etc ...
>> And there is OOB for core infrastructure
>> typically a separate basic network that utilizes diverse carrier and
>> diverse path when available.
>>
>> My question is, is it best practice to extend an inband VPN throughout for
>> device management functions as well?
>> And are all management services performed OOB, e.g. network management,
>> some monitoring, logging,
>> authentication, flowdata, etc ..... If a management VPN is used is it also
>> extended to managed customer devices?
>>
>> What else can be done for remote management and troubleshooting
>> capabilities?
>>
>> Mike