Hello NANOGers,
I am wondering if people still use console servers with cellular service as
a disaster out-of-band management solution in your data centers? If not,
what are the alternatives? If so, are there any recommendations for
pay-as-you-go cellular service? Apologies if this is too trivial a question
for this group.
Thanks for your time,
Mike
Almost exactly a year ago
https://mailman.nanog.org/pipermail/nanog/2017-February/090293.html
<I think it is a very valid conversation to have, just sharing historical
notes first.>
Good call out — I didn’t put enough effort into searching previous conversations.
Michael, Let me know what you end up doing. This is definitely something
I've considred for our DC
We use the Oopengear ACM and IM series and they are great. My only current issue is that Verizon does not allow for static IPv4 and IPv6 simultaneously. You can have one or the other, but not both. *facepalm*
One major point of advice with the Opengear: make sure the firmware is up to date. There have been some issues with cellular stability in some releases.
thanks,
-Randy
How is cell reception in multi-story data centers/carrier hotels? Good
enough for remote management?
JM
Going to depend entirely on the data center. I've got OpenGear boxes deployed in a variety of places, using Verizon LTE with static IP. One Level 3 colo I'm in I had to buy a high gain directional antenna to get the signal strength up above -80, where below that you're lucky to get a reasonable SSH experience, but then I'm in a Switch colo in Vegas that has dramatically more customers and equipment, and I get almost double that signal strength, inside a rack, inside a metal heat chamber, with the built-in antennas. Just depends on the structure and proximity to a tower I'm guessing.
My $dayJob experience with cell to console in the larger locations has been poor, verging on unacceptable.
Pretty bad bordering on unusable most of the time (steel and concrete buildings after all).
I'm only setup in buildings we own, so I've been able to put antennas up on the roof for this.
At our more remote sites where there's no cell service at all I have POTS lines. KVMoIP is a bit painful at 56k, but it's usable.
Ed
Yes. I use Opengear with great success. I use Verizon, T-Mobile & AT&T prepaid service depending on the area. When integrated with Opengear Lighthouse, the console server is fully manageable via cellular service.
Kenneth
At the sites, are you installing external antennae's?
I've been pretty successful doing this with VZW as they were the only ones
that I was able to get a static ip from fairly easily. Talked to tmo and
sprint a few times and their people would say it was possible but could
never get it done for whatever reason. It works well as long as you have
good signal, some buildings might be a little tough if theres alot of
obstruction.
hope this helps
chris
Lots of references to static IPs from cellular providers for OoB access in
this thread. Why? It seems like a dial-home scheme is an obvious solution
here, whether it's Opengear's Lighthouse product, openvpn, or whatever...
Do you all have a security directive that demands whitelisted IP addresses?
I've got a handful of OoB systems that dial home via cellular, but only
after they've been poked by SMS. Opengear's auto-response facilitates that,
and I've done it with EEM (to start DMVPN) on Cisco ISRs.
The main headache I've run into is that it's tough to get a SIM card from
ATT that does data and SMS: ATT's M2M plans don't allow SMS, and moving the
SIM from an iPhone to "a computer" causes the SMS capability to vanish. My
ATT OoB boxes (used only where Verizon is reported to not work) are online
all the time.
Static IPs are useful for connecting to the "home" site. If our main office is offline for some reason, it is nice to be able to quickly connect via cellular OoB.
I agree that other solutions (dial-home, or private network) make sense for satellite sites.
thanks,
-Randy
We get static IP's to facilitate monitoring that the OOB remains online (easier to hit a non-changing IP than getting false positives for outage between an IP change and DDnS or whatever other type of update needs to happen), and it also makes IPSec VPN easy if your roving sysadmins know what IP to VPN into for a given site, when DNS may or may not be working.
At all my sites I use Air Console with an OOB IP connection from another ISP. Sometimes this is free since it is barely being used or I’m being charged a very small amount . Other times I exchange an OOB IP connection. So I get one from them and they get one from me through my network.
Regards,
Michael Rave
Crossivity
While I appreciate being thrifty, managing these good-will trades can
be challenging. The person who you collaborated with may be gone,
there may be no formal way to file complaint or escalate, so you may
find MTTR times being very high or even need to come up with entirely
new solution at arbitrary time.
I would definitely optimise for having real contract and circuit #
from provider who has normal product. Your situation may differ, but
in my situation MRC is dominated by fibre leases and electricity, and
IP-OOB WAN cost is immaterial.
We have >100 AT&T units deployed and about 35 Verizon units and have had
virtually no issues with call home via openvpn. All opengear ACM7xxx
series.
We are using machine to machine plans from marketplace.att.com. Used to be
a great deal, the new plans are still “fair” and better than standard
consumer/business prepaid plans. We average around 100MB/mo/device, we
could probably improve that with some effort on keepalives etc.
We have had coverage issues in some sites but in the colos we are in it has
been fine.
In colo we usually also take “house” IP due to XC costs blowing out any 3rd
parties, and I have done DSL on PSTN XC before, but even in those cases the
LTE is still useful particularly for turn up where the colo house ip rarely
“just works”.
Some RF knowledge helps. Picking a carrier and equipment capable of operating on a low frequency will help ensure it works.
IE: In the US, not T-Mobile. Everyone else has near-universal network under 900 MHz.