Monday, October 14, 2019

Out Of Band Management network

I am about to build an OOB Management network for about 10 sites, and am trying to identify the most cost-effective hardware. I intend to provide OOB Ethernet and serial connectivity to each network device on my main network, which is around 100 devices. The kit is spread out in some DCs, and there is no copper between some racks. My basic plan so far is:

  • Cisco ASA5508 firewalls at each site, with an internet connection.
  • Two sites designated as hubs, connecting with IPsec to all others in a double hub and spoke.
  • Small Sites (x6)
    • Fewer than 6 switches to manage can connect directly to the firewall
    • If more than 6 ports are required, then a 24-port switch.
    • 6-port serial console server
  • Larger sites (x4)
    • Racks are spread out across the DC in about 8 groups
    • Each group will need a Serial console server with an appropriate number of ports
    • Each rack group will need a switch, that switch will need to uplink back towards the firewall with Fibre.
    • The ASA 5508 firewall does not have fibre ports (the 5525 with expansion does, but that is too expensive and only 6 SFP ports). So I need a Distribution switch with > 8 x 1G SFP interfaces. This is the main device I am having difficulty identifying.
    • Each rack group will have a small switch with 10/12/24 1G copper ports (depending on group size) and a 1G SFP uplink.

Some basic requirements are:

  • I don't want to buy EOL kit, it all has to be supportable.
  • All of the kit I need to manage has either 100Mb or 1Gb copper interfaces.
  • Bandwidth throughput does not need to be high.
  • This is not a fully resilient network, it is just a simple double hub and spoke.
  • The two hub sites are the biggest DCs. Most of the others are small, one or two racks.
  • The hardware doesn't have to be Cisco, although I am most familiar with it, but it does need to be one of our existing three that we already use, as I don't want to add a fourth vendor. They are Cisco, Arista and Juniper.
  • I really don't like media converters, as I have found them to be unreliable in the past.
  • All kit must be rack mountable.
  • Hub sites will have some services running to support management, like a touchdown server, TACACS, syslog, DNS, DHCP, SNMP, NTP.

If anyone can share their experience setting up something like this and recommend any hardware it would be greatly appreciated. Alternate suggestions to the above are welcome, if you think there is a better method to achieve the same goal.
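As an added example, not part of the original post, the following is what the spoke side of the double hub-and-spoke described above looks like as an ASA 5508-X configuration. Every interface name, address, object name and key here is an assumption constructed for illustration: the hubs are assumed to be reachable at 203.0.113.1 and 203.0.113.2, the OOB address space is assumed to be 10.250.0.0/16 (10.250.1.0/24 at hub A, 10.250.2.0/24 at hub B, 10.250.6.0/24 at this spoke), and the pre-shared keys are placeholders.

```cisco
! Added example, not the original poster's configuration. All names, interfaces,
! addresses and keys are constructed assumptions for a spoke-site ASA 5508-X.
interface GigabitEthernet1/1
 nameif outside
 security-level 0
 ip address 198.51.100.6 255.255.255.252
interface GigabitEthernet1/2
 nameif oob
 security-level 100
 ip address 10.250.6.1 255.255.255.0
!
object network OOB_LOCAL
 subnet 10.250.6.0 255.255.255.0
object network OOB_HUB_A
 subnet 10.250.1.0 255.255.255.0
object network OOB_HUB_B
 subnet 10.250.2.0 255.255.255.0
!
! One traffic selector per hub, so the spoke holds two independent tunnels
! (double hub and spoke) rather than one tunnel with a backup peer.
access-list VPN_TO_HUB_A extended permit ip object OOB_LOCAL object OOB_HUB_A
access-list VPN_TO_HUB_B extended permit ip object OOB_LOCAL object OOB_HUB_B
!
! Identity NAT so management traffic bound for the hubs is never translated.
nat (oob,outside) source static OOB_LOCAL OOB_LOCAL destination static OOB_HUB_A OOB_HUB_A no-proxy-arp route-lookup
nat (oob,outside) source static OOB_LOCAL OOB_LOCAL destination static OOB_HUB_B OOB_HUB_B no-proxy-arp route-lookup
!
! IKEv2 only, AES-256 / SHA-256 / DH group 14; no IKEv1 and no legacy ciphers.
crypto ikev2 policy 10
 encryption aes-256
 integrity sha256
 group 14
 prf sha256
 lifetime seconds 86400
crypto ikev2 enable outside
crypto ipsec ikev2 ipsec-proposal AES256_SHA256
 protocol esp encryption aes-256
 protocol esp integrity sha-256
!
crypto map OUTSIDE_MAP 10 match address VPN_TO_HUB_A
crypto map OUTSIDE_MAP 10 set peer 203.0.113.1
crypto map OUTSIDE_MAP 10 set ikev2 ipsec-proposal AES256_SHA256
crypto map OUTSIDE_MAP 10 set pfs group14
crypto map OUTSIDE_MAP 20 match address VPN_TO_HUB_B
crypto map OUTSIDE_MAP 20 set peer 203.0.113.2
crypto map OUTSIDE_MAP 20 set ikev2 ipsec-proposal AES256_SHA256
crypto map OUTSIDE_MAP 20 set pfs group14
crypto map OUTSIDE_MAP interface outside
!
! One tunnel-group per hub, each with its own pre-shared key (placeholders).
tunnel-group 203.0.113.1 type ipsec-l2l
tunnel-group 203.0.113.1 ipsec-attributes
 ikev2 remote-authentication pre-shared-key HUB_A_PSK_PLACEHOLDER
 ikev2 local-authentication pre-shared-key HUB_A_PSK_PLACEHOLDER
tunnel-group 203.0.113.2 type ipsec-l2l
tunnel-group 203.0.113.2 ipsec-attributes
 ikev2 remote-authentication pre-shared-key HUB_B_PSK_PLACEHOLDER
 ikev2 local-authentication pre-shared-key HUB_B_PSK_PLACEHOLDER
!
! By default, decrypted VPN traffic bypasses the outside interface ACL. Turn that
! off and admit only the hub OOB subnets, so the Internet-facing firewall is not
! also an open door from the hubs into every console and switch management port.
no sysopt connection permit-vpn
access-list OUTSIDE_IN extended permit ip object OOB_HUB_A object OOB_LOCAL
access-list OUTSIDE_IN extended permit ip object OOB_HUB_B object OOB_LOCAL
access-list OUTSIDE_IN extended deny ip any any log
access-group OUTSIDE_IN in interface outside
!
! Manage the firewall itself only from OOB address space: locally on the oob
! interface, or from the hubs over the tunnel via management-access. Nothing
! from the raw Internet.
management-access oob
ssh 10.250.0.0 255.255.0.0 oob
ssh version 2
```

The hub side mirrors this with one crypto map entry and tunnel-group per spoke. After bringing a spoke up, `show crypto ikev2 sa` and `show crypto ipsec sa` should list two SAs, one per hub; a spoke that only shows one has a working path but has lost the second hub and the "double" in double hub and spoke. The `deny ip any any log` on the outside ACL also drops unsolicited Internet traffic, which is what you want for a box whose only job is carrying management tunnels.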
