On Wed, 12 Jan 2005 12:58:43 -0500, Hannigan, Martin
<[EMAIL PROTECTED]> wrote:
>
>
> > -Original Message-
> > From: Joe Abley [mailto:[EMAIL PROTECTED]
> > Sent: Wednesday, January 12, 2005 12:05 PM
> > To: Hannigan, Martin
> > Cc: NANOG l
Iljitsch van Beijnum wrote:
On 12-jan-05, at 11:30, Gernot W. Schmied wrote:
True out of band management networks are very hard to build and very
hard to use, and you run the risk that you can't get at your stuff
because the management network is down.
IS-IS can be highly recommended for true ou
That's great if you want to trust one carrier to provide all your seperacy,
but, when you want to make sure carrier A isn't running your ring in common
with carrier B, you need GIS data.
Owen
--On Thursday, January 13, 2005 10:36 AM + [EMAIL PROTECTED]
wrote:
> My point was that competing, d
On Wed, 2005-01-12 at 20:12, Daniel Golding wrote:
>
> The biggest problem I've seen with dial-up OOB is reliability. You really
> need to have a good series of testing scripts to ensure that
> all the phone lines are working, modems have reset properly, serial ports
> are ok, etc
> > My point was that competing, differently-named and
> > organisationally-separate suppliers of network services frequently use
> > common suppliers for metro fibre, long-haul transport, building access,
> > etc. Just because you buy different services from different providers
> > doesn't mean
EMAIL PROTECTED] <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
CC: NANOG list
Sent: Wed Jan 12 14:35:21 2005
Subject: RE: Proper authentication model
On Wed, 12 Jan 2005, Hannigan, Martin wrote:
> Out of band management isn't telnetting from your desktop to
>
> -Original Message-
> From: Steve Gibbard [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, January 12, 2005 5:35 PM
> To: Hannigan, Martin
> Cc: NANOG list
> Subject: RE: Proper authentication model
>
>
> On Wed, 12 Jan 2005, Hannigan, Martin wrote:
>
[
On Wed, 12 Jan 2005, Hannigan, Martin wrote:
> Out of band management isn't telnetting from your desktop to
> the serial port.
>
> Mgmt and surveillance is the Bellcore standard for out of band.
> It means your M/S is not riding your customer or public networks, and
> it's physically separate. Ye
On 1/12/05 12:05 PM, "Joe Abley" <[EMAIL PROTECTED]> wrote:
>
>
> On 12 Jan 2005, at 11:53, Hannigan, Martin wrote:
>
>>> You mean you'd *request* a different path from different providers.
>>
>> Provisioning a circuit from two different ^providers^, other than
>> your OC3 provider.
>
> I re
On 1/12/05 8:46 AM, "Erik Haagsman" <[EMAIL PROTECTED]> wrote:
>
> On Wed, 2005-01-12 at 12:37, David Gethings wrote:
>> On Wed, 2005-01-12 at 12:25 +0100, Iljitsch van Beijnum wrote:
>>> IPv6 is also very useful in providing non-IPv4 management.
>> Well if we're offering protocols other than IP
> -Original Message-
> From: Joe Abley [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, January 12, 2005 12:05 PM
> To: Hannigan, Martin
> Cc: NANOG list
> Subject: Re: Proper authentication model
>
>
>
> On 12 Jan 2005, at 11:53, Hannigan, Martin wrote:
>
On 12 Jan 2005, at 11:53, Hannigan, Martin wrote:
You mean you'd *request* a different path from different providers.
Provisioning a circuit from two different ^providers^, other than
your OC3 provider.
I realise that's what you meant.
My point was that competing, differently-named and
organisati
> -Original Message-
> From: Joe Abley [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, January 12, 2005 10:55 AM
> To: Hannigan, Martin
> Cc: NANOG list
> Subject: Re: Proper authentication model
>
>
>
> On 12 Jan 2005, at 10:16, Hannigan, Martin wrote:
> When crafting the ACL that restricts what source IP{,v6} addresses may
> ssh to the router, you may want to include each router's neighbors by
> both their loopback and any interface addresses that might source a
> packet (if your security policy permits it).
I forgot a phrase: [that might sou
[...]
> 2) An OpenBSD bastion host(s), where the NOC would ssh in, get
> authenticated from TACACS+ or ssh certs, and then just telnet from
> there all day,
[...] (and s/telnet/ssh as has been suggested already)
> 3) Or just an IOS based bastion router that also runs ssh,
[...]
When crafting
On 12 Jan 2005, at 10:16, Hannigan, Martin wrote:
If you have 3 sites and they're interconnected via an OC3
and the internet, you would also have 2 frame or ppp circuits
separately connecting the terminal server network. You'd do the
different path, different provider, etc. on these circuits.
You
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
> Iljitsch van Beijnum
> Sent: Wednesday, January 12, 2005 6:25 AM
> To: Gernot W. Schmied
> Cc: NANOG list
> Subject: Re: Proper authentication model
>
>
>
> On 12-ja
On Wed, 2005-01-12 at 12:37, David Gethings wrote:
> On Wed, 2005-01-12 at 12:25 +0100, Iljitsch van Beijnum wrote:
> > IPv6 is also very useful in providing non-IPv4 management.
> Well if we're offering protocols other than IP(v4) for OOB management
> then might I chip in with MPLS?
What ever ha
On Wed, 2005-01-12 at 12:25 +0100, Iljitsch van Beijnum wrote:
> IPv6 is also very useful in providing non-IPv4 management.
Well if we're offering protocols other than IP(v4) for OOB management
then might I chip in with MPLS?
;)
--
Cheers
Dg
On 12-jan-05, at 11:30, Gernot W. Schmied wrote:
True out of band management networks are very hard to build and very
hard to use, and you run the risk that you can't get at your stuff
because the management network is down.
IS-IS can be highly recommended for true out of band management, it is
Iljitsch van Beijnum wrote:
On 11-jan-05, at 18:48, Daniel Golding wrote:
True out of band management networks are very hard to build and very
hard to use, and you run the risk that you can't get at your stuff
because the management network is down.
IS-IS can be highly recommended for true out
On 11 Jan 2005, at 15:28, Kevin wrote:
On Tue, 11 Jan 2005 11:17:55 +0200, Kim Onnel <[EMAIL PROTECTED]>
wrote:
Hello,
I'd like everyone's 2 cents on the BCP for network management of an ISP
PoPs, with a non-security oriented NOC,
. . .
2) An OpenBSD bastion host(s), where the NOC would ssh in, g
On 11-jan-05, at 18:48, Daniel Golding wrote:
It's terribly important that your routers' management traffic be encrypted
all the way to the device.
Why "terribly important"? If this stuff runs over your own network then
others aren't going to be able to sniff it without physically getting
at your
On Tue, 11 Jan 2005 11:17:55 +0200, Kim Onnel <[EMAIL PROTECTED]> wrote:
>
> Hello,
> I'd like everyone's 2 cents on the BCP for network management of an ISP
> PoPs, with a non-security oriented NOC,
. . .
> 2) An OpenBSD bastion host(s), where the NOC would ssh in, get
> authenticated from TACACS
Kim,
It's terribly important that your routers' management traffic be encrypted
all the way to the device. For this reason, the best practice is to use
ssh2. There are some other hacks that can be used, but they are hacks, and
are not scalable.
Bastion hosts are a good thing and can be a great pl
Hello,
I'd like everyone's 2 cents on the BCP for network management of an ISP
PoPs, with a non-security oriented NOC,
Most of my routers don't have crypto IOS images,
couldn't agree with core members to do a major upgrade, just a promise
of doing that when other needs for an IOS upgrade come up,