North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Proper authentication model

  • From: Gernot W. Schmied
  • Date: Sun Jan 16 06:20:53 2005 
Iljitsch van Beijnum wrote:

On 12-jan-05, at 11:30, Gernot W. Schmied wrote:
True out of band management networks are very hard to build and very hard to use, and you run the risk that you can't get at your stuff because the management network is down.


IS-IS can be highly recommended for true out of band management, it is
reachable when IP goes down the drain entirely.





To me, true "out of band management" means that the management traffic
doesn't flow over production links. You are right that IS-IS can
continue to function when IP is confused (although with integrated IS-IS
OSI will probably be just as confused as IP). But IS-IS isn't a
management protocol, of course. :-)



IPv6 is also very useful in providing non-IPv4 management.







True, but integrated IS-IS is not true IS-IS strictly speaking. I am
referring to ISO CLNS/CLNP, who actually needs IP if you have other fine
network layer protocols alt your disposal ,-)?



I used to recommend this measure in combination with BRI ISDN management
lines, it's affordable and works without constantly testing analog
dialin. A dedicated infrastructure beyond that measure simply is not
justifiable economically. Besides, SDH and DWDM use separate management
approaches as well, so does SS7 infrastructure. It is always a
combination. Some people also use management VCIs/DLCIs which does not
buy you much.



my 0.02$,

Gernot