Re: Proper authentication model

["Gernot W. Schmied" <gernot.schmied () chello at>]

Iljitsch van Beijnum wrote:
> On 12-jan-05, at 11:30, Gernot W. Schmied wrote:
>
> > > True out of band management networks are very hard to build and very 
> > > hard to use, and you run the risk that you can't get at your stuff 
> > > because the management network is down.
>
>
> > IS-IS can be highly recommended for true out of band management, it is 
> > reachable when IP goes down the drain entirely.
>
>
> To me, true "out of band management" means that the management traffic 
> doesn't flow over production links. You are right that IS-IS can 
> continue to function when IP is confused (although with integrated IS-IS 
> OSI will probably be just as confused as IP). But IS-IS isn't a 
> management protocol, of course.  :-)
>
> IPv6 is also very useful in providing non-IPv4 management.

True, but integrated IS-IS is not true IS-IS strictly speaking. I am 
referring to ISO CLNS/CLNP, who actually needs IP if you have other fine 
network layer protocols alt your disposal ,-)?

I used to recommend this measure in combination with BRI ISDN management 
lines, it's affordable and works without constantly testing analog 
dialin. A dedicated infrastructure beyond that measure simply is not 
justifiable economically. Besides, SDH and DWDM use separate management 
approaches as well, so does SS7 infrastructure. It is always a 
combination. Some people also use management VCIs/DLCIs which does not 
buy you much.

my 0.02$,
Gernot