On 23/12/2025 19:51:54, "Lukasz Bromirski via NANOG"
<[email protected]> wrote:
> On 23 Dec 2025, at 20:04, Saku Ytti via NANOG <[email protected]>
> wrote:
>> And I will apologise for all of us customers, we are wrong, you were
>> right with CMP, you were right with BMC. It is a blind spot we have and
>> we need education.

Too soon, it will take a whole infra refresh cycle for such
a change to be adopted. Something that is in one product
generation is not going to get much use.

New things get mingled with old things all connected to old
OOB. All the old things need the new tech before we can get
rid of the old OOB and in our case it does not change the
OOB much, just another ethernet port instead of a serial
port.

> I lead platform (hardware) development for Cisco Firewalls. I can tell you,
> that during my discussions with all of our Customers, from biggest to smallest
> ones, security folks don't appreciate fully dedicated, separate out-of-band
> management ports, with their own OS that's available no-matter-what.

It will just sit alongside the control plane management ethernet port
so probably no advantage to them for the few occasions that port
locks up. When it does lock up they just send a tech or use the
PDU relay to switch it off and on again.

I'm even fine with it remaining serial. As an original Sun LOM adopter
I value the LOM being really simple and not another OS with added
attack surface to maintain. A built-in BMC sharing ports with other
stuff sounds less reliable to me.

> And even *I* have LTE access to my own rack(s), including console
> ports.

We just use ISR 4451: serial, ethernet, 4G, sfp for OOB waves,
dual psu, big spare SM slot to hide the rPI DMZ host, all in one box.
Only external part is the managed PDU.
brandon
_______________________________________________
NANOG mailing list
https://lists.nanog.org/archives/list/[email protected]/message/YPZOA75KHCURDJ6RVMBIUTHGLIPAU65G/