In-band and Out-of-Band Network Management: Detailed Comparison
In this post, we will discuss in-band and out-of-band network management. The subtopics are listed below in order:
Topics
- Understanding of Network Management
- In-band management
- Out-of-Band Management
- Comparison of In-band and Out-of-Band Management
- Tabular difference between In-band and Out-of-Band Management
- Conclusion
Understanding of Network Management
In-band and out-of-band management traffic both belong to the management plane. There are primarily 2 ways to manage a network:
- In-band network management
- Out-of-band management (OOB).
In-band refers to managing through the network itself, using a Telnet/SSH connection to a router or SNMP-based tools. In-band is the common way to manage the network: production data and management traffic may use the same path to reach the various elements. For large or business-critical networks, in-band network management is not enough. If the network is down, reachability to the network devices is affected, and this is a big risk for the organization and its business. You need an alternate or secondary access path to get around the problem or to reach the source of the problem. That is essentially what Out-of-Band Management (OOB) provides.
In-band Management
In-band management involves managing devices through protocols such as Telnet/SSH. It is a common approach that provides identity-based access control for better security. It is good practice to segregate your management traffic from your production customer traffic. Create a management VLAN or loopback interface for other management activities such as device monitoring, system logging and SNMP.
In the configuration examples below, we will use the Management Plane Protection commands of 2 Cisco platforms:
- Cisco IOS XR
- Cisco CRS Router.
Configuration of In-band Management
Hostname#configure t
Hostname(config)#control-plane
Hostname(config-ctrl)#management-plane
Hostname(config-mpp)#inband
Hostname(config-mpp-inband)#interface {type instance | all}
Hostname(config-mpp-inband-int name)#allow {protocol | all} [peer]
Hostname(config-protocol-peer)#address ipv4 {peer-ip-address | peer-ip-address/length}
! Use the commit or end command.
Hostname(config-protocol-peer)#commit
Hostname#show mgmt-plane [inband | out-of-band] [interface {type instance}]
Out-of-Band Management
When the network is down and traffic is not flowing, an alternate path is required to reach the network nodes. We need a secure remote emergency access path to manage and troubleshoot the device while network traffic is down. For critical networks, in-band management tools are not enough. Management over independent, dedicated channels is called OOB. OOB provides accessibility when an alternate path is needed to reach the network nodes.
Configuration of Out-of-Band Management
Hostname#configure t
Hostname(config)#control-plane
Hostname(config-ctrl)#management-plane
Hostname(config-mpp)#out-of-band
Hostname(config-mpp-outband)#vrf vrf-name
Hostname(config-mpp-outband)#interface {type instance | all}
Hostname(config-mpp-outband-int name)#allow {protocol | all} [peer]
Hostname(config-protocol-peer)#address ipv6 {peer-ip-address | peer-ip-address/length}
! Use the commit or end command.
Hostname(config-protocol-peer)#commit
Hostname#show mgmt-plane [inband | out-of-band] [interface {type instance} | vrf]
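An added example, not from the original post and not Cisco's code: a small Python check that reads a management-plane stanza and flags allow rules that admit Telnet or carry no peer address, covering both the in-band and the out-of-band sections configured above. The stanza layout, interface names, VRF name and addresses in the sample are assumptions constructed for illustration.

```python
# Constructed sample; saved-config layout is assumed, names/addresses made up.
SAMPLE_CONFIG = """\
control-plane
 management-plane
  inband
   interface GigabitEthernet0/0/0/1
    allow SSH peer
     address ipv4 192.0.2.0/24
    !
    allow Telnet
   !
  !
  out-of-band
   vrf MGMT
   interface MgmtEth0/RP0/CPU0/0
    allow all
   !
  !
 !
!
"""

def parse_mpp(config):  # -> [[mode, interface, protocol, peers], ...]
    rules, mode, iface, takes_peers = [], None, None, False
    for raw in config.splitlines():
        line = raw.strip()
        if line and not raw[0].isspace():  # top-level line: outside MPP
            mode, iface, takes_peers = None, None, False
        elif line in ("inband", "out-of-band"):
            mode, iface = line, None
        elif line.startswith("interface ") and mode:
            iface = line.split(None, 1)[1]
        elif line.startswith("allow ") and iface:
            takes_peers = line.endswith(" peer")
            rules.append([mode, iface, line.split()[1], []])
        elif line.startswith("address ") and takes_peers:
            rules[-1][3].append(line.split()[2])
    return rules

def audit(rules):  # flag allow rules that are wider than they need to be
    findings = []
    for mode, iface, proto, peers in rules:
        if proto.lower() == "telnet":
            findings.append(f"{mode} {iface}: Telnet is cleartext, use SSH")
        if not peers:
            findings.append(f"{mode} {iface}: allow {proto} has no peer filter")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_mpp(SAMPLE_CONFIG))))
```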
Terminal Server for OOB
A terminal server commonly provides out-of-band access to multiple devices. A terminal server is a router with multiple low-speed asynchronous ports that are connected to other devices. A very simple example is the console ports on routers or switches. The terminal server has the ability to provide access to the console ports of many devices. A terminal server removes the need to configure backup scenarios, such as modems on auxiliary ports, for every device.
Async Cable – This cable provides eight RJ-45 rolled cable async ports on each 68-pin connector. Each RJ-45 rolled cable async port is connected to the console port of a device. The Cisco 2511/2600/3600/2800 routers allow a maximum of 16 devices to be remotely accessible with the NM-16A module. In addition, there is the NM-32A high port density async network module.
Configuration
Comparison of In-band and Out-of-Band Network Management
- In-band access is via Telnet/SSH and OOB access is via Console.
- In-band depends on the IP address and Telnet/SSH port number, and OOB depends on the IP address and port number which are configured in the OOB template.
- In-band works when the network link is up, and OOB is the alternate path when the network goes down.
- In-band is Synchronous and OOB is Asynchronous.
- In-band requires no physical access, and OOB also does not require physical access because a dial line is available.
- In-band connection speed is high and OOB connection speed is slow.
- In-band connection is established via PuTTY or SecureCRT, and OOB connection is established via terminal access.
Tabular difference: In band and Out of Band Network Management
IN-BAND MANAGEMENT | OUT-OF-BAND MANAGEMENT |
In-band access via Telnet/SSH | Out-of-Band access via Console |
In-band depends on IP address and Telnet/SSH port number | Out-of-Band depends on IP address and port number which are configured in OOB template. |
In-band works when network link is up | Out-of-Band is alternate path when network goes down |
In-band is Synchronous | Out-of-Band is Asynchronous |
In-band requires no physical access | Out-of-Band also does not require physical access because dial line is available |
In-band connection speed is high | Out-of-Band connection speed is slow |
In-band connection is established via PuTTY or SecureCRT | Out-of-Band connection is established via terminal access |
Conclusion
In-band management is used to manage devices through Telnet/SSH, using the network itself as the medium. Out-of-band management uses a terminal server that is connected to a management port of each controlled device.
1 Comment
Thanks, that was a very helpful explanation for Network Admins and Server Admins.