[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: netconf and working "on the box"
At 05:30 PM 3/12/2003 -0500, George Jones wrote:
>Randy Bush wrote:
>
>>>I'm trying to understand how netconf/xmlconf proposals would
>>>change/work with the way things are currently done. For example,
>>>today, if an ISP has a customer sending DoS traffic, it is common
>>>to get on the router (i.e. log in/enable/whatever) and type commands
>>>to locate and fix the problem. In some situations (network links
>>>saturated by flood traffic) one HAS to do this on the box, via
>>>a CLI, because you can not reach the box via the network.
>>>
>>
>>this discussion belongs on the public list.
>>
>>why is there a difference coming to the box in-band or out-of-band?
>>what are the differences?
>
>Because it's concievable, especially during a DoS attack, that you
>can't get to the box in-band and it is precicely under those
>circumstances that you need to be able to poke around and
>change configurations.
There are two potential solutions here:
1) use xmlconf over SSH or the console. Although the draft doesn't
specify these 'transport mappings', the intent is that xmlconf could be
run over SSH, or even a console port.
2) use CLI over SSH or the console. One of the operator requirements is
that the existing management mechanisms still work, even if new ones
(such as xmlconf) are added.
>---George Jones
Andy
--
to unsubscribe send a message to xmlconf-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/xmlconf/>