| Fig 1: In Band and Out Of Band Management |
In Band Management
What is in-band out-of-band management on a network switch or router you'll hear these terms being thrown about by computer network admins and technicians. But what do they mean exactly stay tuned so in band out of band management we actually manage a switch or a router. But when technicians and admins talk about in-band and out-of-band what exactly are they referring to make this simple. Here going to show you the traditional and more commonly used method that a lot of computer networks use for managing their switches and routers. And that's what we refer to as in-band now in-band management simply means you've added an IP address to overall switch or router configuration that allows it to be communicated with over a remote connection. Much like if the that switcher router were just a desktop laptop printer or server somewhere on the network giving it its own ip address for management is what allows it to be reached remotely to make changes to its configuration. So when we say in-band management that simply means we're remotely managing that switch or router over the existing network again this is the most commonly used method for managing switches routers and other networking devices over most computer networks. So it's not unusual or unheard of but so if we refer to managing devices over the existing network as in-band.
Out Of Band Management
What does out-of-band mean most higher-end switches and routers and many servers as well are made these days with a management port specifically for managing that device from a remote connection. But these management ports are connected specifically for just that managing the management port on a switch router or server. It is not going to pass normal network traffic like the other ports do again most of those ports are on the front of the device and so that management port is not going to pass normal traffic normal network traffic and it can and probably will cause issues. If it is connected to the normal computer network so when you look on a switch or router and again some servers you'll see this management port specifically marked as management manage or out of band. This is where the term out of band comes from you're outside the normal band or network on a separate connection you'll find some computer networks especially the bigger enterprise level networks with the normal network setup using all the ports normally on the routers and switches. And then you'll have an entirely separate out-of-band network just for connecting to and accessing the management ports or out-of-band ports on switches and routers when this type of setup is used it's referred to as out of band management. And to offer a little more clarification here on the industry itself when you have separate out-of-band management networks or outside the normal computer network being used they will not have the same bandwidth or volume of traffic. You will see passing on the normal computer network again on the ports on the front so oftentimes you'll see slower smaller switches and connections used on the out of band network than are needed elsewhere on the network on the primary network i have even seen what they call dumb terminals connected to the backs of switches and routers. And that are utilized just for the out-of-band network to keep it simple and functioning and allowing access to each switch or router's management when needed so to keep this short and sweet that's the difference between in-band out-of-band management on a computer network and on the devices on that network.
In this post, we will discuss about In band and Out of Band Network Management. The sequential order of subtopics is enlisted as below –
Topics
- Understanding of Network Management
- In-band management
- Out-of-Band Management
- Comparison of In-band and Out-of-Band Management
- Tabular difference between In-band and Out-of-Band Management
- Conclusion
Understanding of Network Management
In-band and Out-of-Band management traffic is related to Management plane. There are primarily 2 ways to manage a network –
- In-band network management
- Out-of-band management (OOB).
In-band refers to managing through the network itself, using a Telnet/SSH connection to a router or by using SNMP-based tools. In-band is the common way to manage the network, where actual data/ production and management traffic may use the same path for communicating with various elements. For large or business-critical networks, in-band network management is not enough. If the network is down, reachability to network device is affected and this is a big risk for the organization and its business. You need an alternate or secondary access path to get around the problem or to access the source of the problem – that is essentially what Out-of-Band Management (OOB) provides.
In band Management
An in-band management involves managing devices through the protocols such as telnet/SSH. It is a common way that provides identity based access control for better security. It is good practice to segregate your management traffic from your production customer traffic. Create a management VLAN or loopback interface for other management activities such as device monitoring, system logging and SNMP.
In below configuration examples, we will be using “The Management Plane Protection Commands” of 2 Cisco Platforms as below –
- Cisco IOS XR
- Cisco CRS Router.
Configuration of In-band Management
Hostname#configure t
Hostname(config)#control-plane
Hostname(config-ctrl)#management-plane
Hostname(config-mpp)#inband
Hostname(config-mpp-inband-int name)#interface{typeinstance|all}
Hostname(config-protocol-peer)#allow{protocol|all} [peer]
Hostname(config-protocol-peer)#address ipv4{peer-ip-address|peerip-address/length}
Hostname(config-protocol-peer)#Use the commit or end command.
Hostname#show mgmt-plane[inband|out-of-band] [interface{type instance}
Out of Band Management
When network is down and traffic is not flowing, in such a scenario, an alternate path is required to reach the network nodes. Here we need a secure remote emergency network access path to manage and troubleshoot the device when network traffic is down. For critical networks, in-band management tools are not enough. Management using independent dedicated channels is called OOB. OOB provides accessibility when an alternate path is needed to access the network nodes.
Configuration of Out-of-Band Management
Hostname#configure t
Hostname(config)#control-plane
Hostname(config-ctrl)#management-plane
Hostname(config-mpp)#out-of-band
Hostname(config-mpp-outband)#vrf vrf-name
Hostname(config-mpp-outband)#interface{typeinstance|all}
Hostname(config-mpp-outband-int name)#allow{protocol|all} [peer]
Hostname(config-protocol-peer)#address ipv6{peer-ip-address|peerip-address/length}
Hostname(config-protocol-peer)#Use the commit or end command.
Hostname#show mgmt-plane[inband|out-of-band] [interface{type instance} |vrf]
Terminal Server for OOB
A terminal server commonly provides out-of-band access to multiple devices. A terminal server is a router with multiple low speed asynchronous ports that are connected to other devices. A very simple example is console ports on routers or switches. The terminal server has ability to provide access to the console ports of many devices. A terminal server overcomes the need to configure backup scenarios like modems on auxiliary ports for every device.
Async Cable – This cable provides eight RJ-45 rolled cable async ports on each 68-pin connector. RJ-45 rolled cable async port connected to the console port of each device. The CISCO 2511/2600/3600/2800 routers allows for a maximum of 16 devices to be remotely accessible with NM-16A module. In addition, the NM-32A high port density async network modules.
Configuration
Comparison of In-band and Out-of-Band Network Management
- In-band access is via Telnet/SSH and OOB access is via Console.
- In-band depends on IP address and Telnet/SSH port number and OOB depends on IP address and port number which are configured in OOB template.
- In-band works when network link is up and OOB is alternate path when network goes down.
- In-band is Synchronous and OOB is Asynchronous.
- In-band requires no physical access and OOB also does not require physical access because dial line is available.
- In-band connection speed is high and OOB connection speed is slow.
- In-band connection is established via putty or Secure CRT and OOB connection is established via terminal access.
Related – Meaning of line vty 0 4
Tabular difference: In band and Out of Band Network Management
| In-band access via Telnet/SSH | Out-of-Band access via Console |
| In-band depends on IP address and telnet/ssh port number | Out-of-Band depends on IP address and port number which are configured in OOB template. |
| In-band works when network link is up | Out-of-Band is alternate path when network goes down |
| In-band is Synchronous | Out-of-Band is Asynchronous |
| In-band requires no physical access | Out-of-Band also does not require physical access because dial line is available |
| In-band connection speed is high | Out-of-Band connection speed is slow |
| In-band connection is established via putty or Secure CRT | Out-of-Band connection is established via terminal access |
Download the difference table here.
Conclusion
In–band management is used to manage devices through telnet/SSH, using the network itself as a media. Out-of-band management uses terminal server that is connected to a management port of each controlled device.