In band and Out of Band Network Management : Detailed Comparison

Rashmi Bhardwaj | Blog,Config & Troubleshoot

In this post, we will discuss in-band and out-of-band network management.

Understanding of Network Management

In-band and out-of-band management traffic both belong to the management plane. There are primarily two ways to manage a network:

  • In-band network management
  • Out-of-band management (OOB).

In-band refers to managing through the network itself, using a Telnet/SSH connection to a router or SNMP-based tools. In-band is the common way to manage the network, where production data and management traffic may use the same path to reach the various network elements. For large or business-critical networks, in-band network management is not enough. If the network is down, reachability to network devices is affected, and this is a big risk for the organization and its business. You need an alternate or secondary access path to get around the problem or to reach the source of the problem; that is essentially what out-of-band (OOB) management provides.


In band Management

In-band management involves managing devices through protocols such as Telnet/SSH. It is a common approach that provides identity-based access control for better security. It is good practice to segregate your management traffic from your production customer traffic. Create a management VLAN or loopback interface for other management activities such as device monitoring, system logging and SNMP.

The configuration examples below use the Management Plane Protection (MPP) commands of two Cisco platforms:

  • Cisco IOS XR
  • Cisco CRS Router.

Configuration of In-band Management

Hostname#configure t

Hostname(config)#control-plane

Hostname(config-ctrl)#management-plane

Hostname(config-mpp)#inband

Hostname(config-mpp-inband)#interface {type instance | all}

Hostname(config-mpp-inband-int name)#allow {protocol | all} [peer]

Hostname(config-protocol-peer)#address ipv4 {peer-ip-address | peer-ip-address/length}

Use the commit or end command.

Hostname#show mgmt-plane [inband | out-of-band] [interface {type instance}]

Out of Band Management

When the network is down and traffic is not flowing, an alternate path is required to reach the network nodes: a secure remote emergency access path for managing and troubleshooting devices. For critical networks, in-band management tools are not enough. Management over independent, dedicated channels is called OOB. OOB provides accessibility when an alternate path is needed to access the network nodes.

Configuration of Out-of-Band Management

Hostname#configure t

Hostname(config)#control-plane

Hostname(config-ctrl)#management-plane

Hostname(config-mpp)#out-of-band

Hostname(config-mpp-outband)#vrf vrf-name

Hostname(config-mpp-outband)#interface {type instance | all}

Hostname(config-mpp-outband-int name)#allow {protocol | all} [peer]

Hostname(config-protocol-peer)#address ipv6 {peer-ip-address | peer-ip-address/length}

Use the commit or end command.

Hostname#show mgmt-plane [inband | out-of-band] [interface {type instance} | vrf]
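
The following is an added example, not code from the original post or from Cisco: a small Python audit of a management-plane stanza that flags rules permitting Telnet, rules with no peer restriction, and in-band rules applied to every interface. The sample configuration (interface names, VRF name, addresses) is constructed, and the parser assumes the indented layout in which IOS XR prints the running configuration.

```python
import re

# Constructed sample in the indented layout IOS XR prints for the MPP stanza;
# interface names, VRF name and addresses are made up for this example.
SAMPLE = """\
control-plane
 management-plane
  inband
   interface all
    allow Telnet
   !
  !
  out-of-band
   vrf MGMT
   interface GigabitEthernet0/0/0/2
    allow SSH peer
     address ipv4 192.0.2.0/24
    !
   !
  !
 !
!
"""

def parse_mpp(config):
    """Return one dict per 'allow' line: mode, interface, protocol, peers."""
    rules, mode, iface = [], None, None
    for raw in config.splitlines():
        line = raw.strip()
        if line in ("inband", "out-of-band"):
            mode, iface = line, None
        elif m := re.fullmatch(r"interface (\S+)", line):
            iface = m.group(1)
        elif m := re.fullmatch(r"allow (\S+)( peer)?", line):
            rules.append({"mode": mode, "iface": iface, "proto": m.group(1), "peers": []})
        elif (m := re.fullmatch(r"address ipv[46] (\S+)", line)) and rules:
            rules[-1]["peers"].append(m.group(1))
    return rules

def audit(rules):
    """Flag rules that leave the management plane wider than it needs to be."""
    checks = [
        (lambda r: r["proto"].lower() in ("telnet", "all"), "permits cleartext Telnet"),
        (lambda r: not r["peers"], "no peer address restriction"),
        (lambda r: r["mode"] == "inband" and r["iface"] == "all", "open on every interface"),
    ]
    return [f'{r["mode"]} {r["iface"]}: {msg}' for r in rules for test, msg in checks if test(r)]

if __name__ == "__main__":
    print("\n".join(audit(parse_mpp(SAMPLE))))
```

On the sample, the in-band rule produces three findings and the out-of-band SSH rule, which is limited to one peer prefix, produces none.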


Terminal Server for OOB

A terminal server commonly provides out-of-band access to multiple devices. A terminal server is a router with multiple low-speed asynchronous ports that are connected to other devices. A very simple example is the console ports on routers or switches. The terminal server can provide access to the console ports of many devices, which removes the need to configure backup scenarios such as modems on auxiliary ports for every device.

Async Cable – This cable provides eight RJ-45 rolled-cable async ports on each 68-pin connector. Each RJ-45 rolled-cable async port is connected to the console port of a device. The Cisco 2511/2600/3600/2800 routers allow a maximum of 16 devices to be remotely accessible with the NM-16A module. In addition, the NM-32A high port density async network modules.

Comparison of In-band and Out-of-Band Network Management

  • In-band access is via Telnet/SSH, and OOB access is via the console.
  • In-band depends on the IP address and Telnet/SSH port number, and OOB depends on the IP address and port number configured in the OOB template.
  • In-band works when the network link is up, and OOB is the alternate path when the network goes down.
  • In-band is synchronous and OOB is asynchronous.
  • In-band requires no physical access, and OOB also does not require physical access because a dial line is available.
  • In-band connection speed is high and OOB connection speed is slow.
  • An in-band connection is established via PuTTY or SecureCRT, and an OOB connection is established via terminal access.


Conclusion

In-band management is used to manage devices through Telnet/SSH, using the network itself as the medium. Out-of-band management uses a terminal server that is connected to a management port of each controlled device.

SOURCE : https://networkinterview.com/
