[c-nsp] Remote management console servers?

Jared Mauch jared at puck.Nether.net
Tue Jul 14 13:15:31 EDT 2015


On Tue, Jul 14, 2015 at 05:03:33PM +0000, Scott Granados wrote:
> Hi,
> 
> Wondering what people are doing / best practices for remote management 
> generally in datacenter environments.  We have several datacenters with a 
> mix of Cisco, F5, Juniper and Palo Alto equipment in each.  All have a 
> similar RJ45 type console port and all are pretty much your garden 
> variety devices.  Looking for a good solution to gain access when 
> primary connectivity is disrupted.  I know back in the day we used 
> 2610XM routers with the octopus cables but I’m wondering if there is 
> better available now or is this still a good solution?  Do you all use 
> out of band loops for remote management like DS1 / DS3 circuits from 
> diverse providers, dial in, what’s the standard for remote management?  

	Many people have their own solutions.  What I've generally seen
is that you can connect to routers inband over IP to a console server.
If the network is down, there is some other "backup" method to get into
the console server, be it a modem or similar.

	Some people have taken to doing this over cellular data but
often this is not reliable within datacenters with a lot of RF or
similar issues.

	Some people use DSL in the datacenter, but some buildings are
outside the DSL footprint of telcos, so you are left with "something else".

> Do you also have your management networks isolated on their own 
> (could be the same) management network or do you do some sort of 
> VPN / VRF deal for normal non emergency management connectivity?  

	I've started to think that this is a solution where LISP
would actually add value/come into play.  LISP allows prefix mobility
across multiple providers, so could have cellular + inband-ethernet + dsl + 
datacenter wifi, and make that work.  You can run LISP on your router or
on a Raspberry Pi as well.  Check out lispers.net.

> Any thoughts on the subject would be most appreciated.  The last 
> time I built one of these was with 2610XM routers in the pops and 
> 7206 routers as aggregation points in each geographic region linked 
> together with different T1s and multiplexed to the 7206 regional 
> routers with backhaul loops to the NOC.  Seems like a bit of overkill 
> for my application now but if this is still the best practice then it 
> might be worthwhile.  Any pointers or other suggestions would be most 
> appreciated.

	The cases where I have used console are generally to
recover a device that has gone south in a really-bad way.

	Trying to use a console port for anything more than that
will result in frustration.

	- Jared


-- 
Jared Mauch  | pgp key available via finger from jared at puck.nether.net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.

