Opengear – Making Out Of Band Access More Useful
by Eric Stewart on Sep.20, 2022, under Networking, Technology
Opengear was the second presentation (this includes links to the videos) of Network Field Day 29. Opengear is one of the leading companies for out of band access management.
Out of band access can be a must for anyone who works on equipment where access to a “management” network might suffer during an outage. If your management network is just a VLAN you use for SSH access to the equipment, it won’t do you any good if there’s a massive failure in routing, or in cases where you’re remote and your VPN devices aren’t available for some reason. The thing is, it can be really hard to justify the cost for a pervasive out of band solution.
Opengear thinks that the answer to that is to use the out of band network for more than just emergencies. Using it during deployment or even daily operations might help justify the costs of the additional equipment and wiring. Opengear included in their presentation mentions of such useful tools as DHCP relaying (or hosting of DHCP) or even TFTP hosting on their devices, which can aid in deployment. This includes them being able to host apps, configurations, and even OS images for you as part of their solution.
The central part of their solution is Lighthouse, their central management solution. Lighthouse provides access not only to the Opengear equipment but also the gear you have connected to the Opengear equipment, so you don’t need to treat the Opengear stuff as a hop-point. Lighthouse appears to be a VM you would have running on “on site” equipment, but they did mention the possibility of Lighthouse running in the cloud. It is possible though that in a full disaster scenario where the hooks for your Opengear Ethernet based management network into your campus network were down, you could lose access to Lighthouse; you would apparently have to use the cellular connection separately. They do have options for multiple instances of Lighthouse, so perhaps having one on prem and one in the cloud would be usable and allow engineers to reach equipment should there be a connectivity issue to one or the other. Multi-instance Lighthouse deployments don’t currently have a solution that uses a virtual floating IP, but typically do operate in an H/A capacity.
This is a part of the concept that needs more clarification; if I have the opportunity, I’ll be asking more pointed, specific questions about connectivity options or scenarios.
Opengear’s equipment line runs the gamut from small serial devices for, say, branch connectivity out of band (using cellular connectivity) all the way up to rack mount solutions that can offer up to 96 serial ports as well as 24 Ethernet ports. The Ethernet connectivity is useful in that some devices include SFP+ 10G pluggable port modules so that you can connect multiple Opengear devices over longer distances (say, anything that would extend past what regular Ethernet or serial might get you) so that you wouldn’t need more than one or two cellular devices for a large site – just connect other non-cellular Opengear devices using Ethernet. You could also use this Ethernet connectivity for “management” ports as opposed to using the Opengear equipment for strictly serial access. This does require additional cabling but one would hope that you have sufficient fiber plant and haven’t been running the bare minimum of fiber through any ground you have access to. Anything that leaves your physical location (either by going over the Internet, an ELAN, or some other limited connectivity like DWDM) should probably have its own management network including its own cellular or otherwise OOB connection.
Now, covered in Opengear’s presentation were disaster situations, including failing over your access to your out of band network such as failing over to a cellular connection (they even still sell devices that have built-in modems for use on old phone lines, if you still use them). One of the concerns mentioned by Network Field Day delegates included the costs of the cellular access; the response was that Opengear has worked on the cellular option to be more of an emergency, failover option rather than something that’s “always on”. Additionally, there was the ability to limit access through the cellular connection. You shouldn’t view this as a potential alternative to all of your regular connectivity needs unless you’re a small office that isn’t passing tons of data – the costs of running a cellular connection passing full production traffic may quickly become cost prohibitive (not to mention probably subject to high amounts of congestion).
The rest of the presentation covered custom app deployment using Lighthouse. The concept there was the ability to code an app that would allow for, say, your helpdesk people to run a limited series of commands in order to gather information, either for the purposes of solving the problem themselves or to collect information a Network Engineer would need to get started on a more involved issue. There’s a lot of promise there and should I manage to get funding and get a proper deployment of Opengear on $WORK’s network, I’ll be setting our in-house developer loose and letting him develop the solutions we need.
Opengear isn’t the only OOB solution out there, to be sure, but in this presentation they provided an alternative to “using your network to manage your network,” because if something really bad happens … you may not have access to your network in order to fix your network!