[c-nsp] best way to network servers with management (iLO/IPMI)

Matlock, Kenneth L MatlockK at exempla.org
Thu Apr 9 09:56:09 EDT 2009 

I agree. We completely isolate the ILO onto it's own discrete network.
We supply Cisco 2950/2960's at the top of each rack, and it's on it's
own RFC1918 IP block. Each ILO gets it's own /27, not related at all to
the IP blocks the main servers use.

The 2950/2960's then plug into a distribution pair, unrelated to the
distribution layer the real NIC connectivity goes through.

Now, I realize not a lot of companies have that luxury, so compromises
sometimes have to be made.

Ken Matlock
Network Analyst
Exempla Healthcare
(303) 467-4671
matlockk at exempla.org
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Roland Dobbins
Sent: Thursday, April 09, 2009 7:13 AM
To: Cisco-nsp
Subject: Re: [c-nsp] best way to network servers with management
(iLO/IPMI)


On Apr 9, 2009, at 8:42 PM, Drew Weaver wrote:

> Ideally, I would like to be able to assign the management device a  
> RFC 1918 IP, have the actual server be on a different subnet  
> altogether but use a shared port.

This isn't a good idea because of fate-sharing - you want your OOB  
management network to be isolated and bulletproof, and totally  
unaffected by any problems on the production side.  You should use  
separate NICs, with separate cables, plugged into a separate physical  
network (unless you're using N7K switches with VDCs, in which case you  
can safely run the management  network on a separate VDC on the same  
hardware, given the control- and management-plane isolation).

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at cisco.com> // +852.9133.2844 mobile

   Our dreams are still big; it's just the future that got small.

		   -- Jason Scott

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list