[c-nsp] best way to network servers with management (iLO/IPMI)

Ramcharan, Vijay A vijay.ramcharan at verizonbusiness.com
Thu Apr 9 10:02:11 EDT 2009


I second that approach. We use it for our builds whenever possible. You
really do want your OOB mgmt solution to be as isolated as possible from
failures on the production side of things. We usually build a mgmt silo
to accommodate out-of-band connectivity, with one or more
fixed-configuration switches depending on site size and budget, firewall
and ISR router. A separate circuit for remote connectivity as well with
failover to IPSec/DMVPN. It's obviously more expensive but it sure goes
a long way in reducing visits to customer sites. 

iLO ports used to be simpler: 1 iLO port connected to one mgmt switch
port. With blade chassis and the move there to reduce cabling, blades
can now share one physical iLO port on their chassis/enclosure.

However, that still doesn't change mgmt connectivity as you still would
want to have this single physical connection on a mgmt switch. 
 
Vijay Ramcharan 
  
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Roland Dobbins
Sent: April 09, 2009 09:13
To: Cisco-nsp
Subject: Re: [c-nsp] best way to network servers with management
(iLO/IPMI)


On Apr 9, 2009, at 8:42 PM, Drew Weaver wrote:

> Ideally, I would like to be able to assign the management device a  
> RFC 1918 IP, have the actual server be on a different subnet  
> altogether but use a shared port.

This isn't a good idea because of fate-sharing - you want your OOB  
management network to be isolated and bulletproof, and totally  
unaffected by any problems on the production side.  You should use  
separate NICs, with separate cables, plugged into a separate physical  
network (unless you're using N7K switches with VDCs, in which case you  
can safely run the management network on a separate VDC on the same  
hardware, given the control- and management-plane isolation).

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at cisco.com> // +852.9133.2844 mobile

   Our dreams are still big; it's just the future that got small.

		   -- Jason Scott
