Re: netconf and working "on the box"

[George Jones <gmjones@mitre.org>]

Andy Bierman wrote:

> At 05:30 PM 3/12/2003 -0500, George Jones wrote:
>  
> > Randy Bush wrote:
> >
> >    
> > > > I'm trying to understand how netconf/xmlconf proposals would
> > > > change/work with the way things are currently done.   For example,
> > > > today, if an ISP has a customer sending DoS traffic, it is common
> > > > to get on the router (i.e. log in/enable/whatever) and type commands
> > > > to locate and fix the problem.   In some situations (network links
> > > > saturated by flood traffic) one HAS to do this on the box, via
> > > > a CLI, because you can not reach the box via the network.
> > > >  
> > > >        
> > > this discussion belongs on the public list.
> > >
> > > why is there a difference coming to the box in-band or out-of-band?
> > > what are the differences?
> > >      
> > Because it's concievable, especially during a DoS attack, that you
> > can't get to the box in-band and it is precicely under those
> > circumstances that you need to be able to poke around and
> > change configurations.
> >    
> There are two potential solutions here:
>
> 1) use xmlconf over SSH or the console.  Although the draft doesn't 
>   specify these 'transport mappings', the intent is that xmlconf could be 
>   run over SSH, or even a console port.
>
> 2) use CLI over SSH or the console.
Thanks.   That's what I was trying to understand.    Now I jack in  (or 
come in
via console server) and get a prompt.   In the futre, I might have to have
an xmlconf enabled module for my palm pilot or some such.  Hmmm...


>  One of the operator requirements is 
>   that the existing management mechanisms still work, even if new ones
>   (such as xmlconf) are added.
Where are these listed ?

Thanks,
---George



--
to unsubscribe send a message to xmlconf-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/xmlconf/>