OOB Network

Introduction

In production deployments of CloudCIX, installing an Out-of-Band (OOB) network is strongly recommended. For example, it is required to force a failover from one PodNet to the other PodNet in an HA pair; HA together with an OOB network is what allows a PodNet to be upgraded or replaced without downtime.

The OOB Network provides a secure, dedicated alternate access path into Pod infrastructure for level 2 support engineers and network administrators. Connected devices such as PodNets, the Pod Appliance, switches, KVM and Hyper-V hosts and Ceph storage nodes are reached on their IPMI/iLO/iDRAC ports without using the Public Network. The OOB Network also carries the infrastructure monitoring and debugging traffic of the CloudCIX PAT Applications.

OOB Architecture

[Figure: network_oob.png, OOB architecture diagram]
  1. A PAT Project called OOB is created in the PAT with an RFC 1918 subnet, 192.168.5.1/23.

  2. Every non-PAT Pod (pod_number > 0) must have an OOB Network built on hardware separate from the hardware that serves the Pod itself.

  3. Every non-PAT Pod's OOB Network is connected to the PAT's OOB Gateway Network Project via a site-to-site VPN tunnel.

  • From 10.0.0.0/8 each Pod is assigned the subnet 10.<pod_number>.0.0/16, and each device within it is addressed as 10.<pod_number>.<rack_id>.<u_height>, where pod_number is 0 to 255 with 0 reserved for the PAT.

  • Within each Pod's subnet, the range 10.<pod_number>.0.0/24 is reserved for special purposes.

  4. The PAT Pod (pod_number = 0) has access to and manages the entire OOB network across all Pods adopted by the PAT, over the VPN tunnels.

  5. The PAT supplies the credentials and VPN configuration used to set up the OOB Network in each Pod.
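The addressing scheme above is easy to get subtly wrong (a device minted inside the reserved /24, a pod number that does not fit in an octet). The helper below is an added example, not CloudCIX code, that derives and validates OOB addresses from the scheme as described. It assumes, as the page does not state, that rack_id and u_height each fit in one octet (0..255) and that rack_id 0 is therefore what places an address in the reserved 10.<pod_number>.0.0/24 range.

```python
"""OOB addressing helper for the 10.<pod_number>.<rack_id>.<u_height> scheme.

Added example; not part of CloudCIX. Assumptions not stated on the page:
rack_id and u_height are 0..255 so each fits one octet, and rack_id 0 is
what lands an address in the reserved 10.<pod_number>.0.0/24 range.
"""
import ipaddress

PAT_POD_NUMBER = 0                                   # pod 0 is the PAT
OOB_SUPERNET = ipaddress.ip_network("10.0.0.0/8")    # all pods live here


def _check_octet(name: str, value: int) -> None:
    """Every field of the scheme occupies exactly one IPv4 octet."""
    if not 0 <= value <= 255:
        raise ValueError(f"{name} {value} does not fit in one octet (0..255)")


def pod_oob_network(pod_number: int) -> ipaddress.IPv4Network:
    """The /16 assigned to a pod: 10.<pod_number>.0.0/16."""
    _check_octet("pod_number", pod_number)
    return ipaddress.ip_network(f"10.{pod_number}.0.0/16")


def pod_reserved_network(pod_number: int) -> ipaddress.IPv4Network:
    """The /24 inside the pod's /16 that is reserved for special purposes."""
    _check_octet("pod_number", pod_number)
    return ipaddress.ip_network(f"10.{pod_number}.0.0/24")


def device_oob_address(pod_number: int, rack_id: int,
                       u_height: int) -> ipaddress.IPv4Address:
    """Derive 10.<pod_number>.<rack_id>.<u_height> for a device.

    Refuses to mint an address inside the reserved /24, so a mis-entered
    rack_id of 0 cannot silently collide with special-purpose addresses.
    """
    _check_octet("pod_number", pod_number)
    _check_octet("rack_id", rack_id)
    _check_octet("u_height", u_height)
    addr = ipaddress.ip_address(f"10.{pod_number}.{rack_id}.{u_height}")
    reserved = pod_reserved_network(pod_number)
    if addr in reserved:
        raise ValueError(f"{addr} lies in reserved range {reserved}")
    return addr


def locate_device(addr: str) -> tuple:
    """Inverse mapping: (pod_number, rack_id, u_height) for an OOB address.

    Useful when a Pinglist-style alert only carries the IP and an engineer
    needs to know which rack and U position to walk to.
    """
    ip = ipaddress.ip_address(addr)
    if ip not in OOB_SUPERNET:
        raise ValueError(f"{ip} is not an OOB address (outside {OOB_SUPERNET})")
    _, pod_number, rack_id, u_height = ip.packed   # four raw octets
    return (pod_number, rack_id, u_height)


def is_pat_address(addr: str) -> bool:
    """True if the address belongs to the PAT's own /16 (pod 0)."""
    return locate_device(addr)[0] == PAT_POD_NUMBER


if __name__ == "__main__":
    # Constructed sample: pod 3, rack 2, device at U41.
    a = device_oob_address(3, 2, 41)
    print(a, "in", pod_oob_network(3), "->", locate_device(str(a)))
```

The same derivation in reverse (locate_device) is what a NOC engineer wants when an alert arrives with only an address: the pod, rack and U height fall straight out of the octets.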

Why OOB?

  1. The primary benefit of an OOB interface is its availability when

  • the Public Network is down, or

  • a device is turned off, in sleep mode, hibernating, or otherwise inaccessible.

  2. OOB can be used to remotely reboot devices that have crashed and to manage powered-down devices. The core idea is to preserve 24/7 uptime of the network by ensuring there is always access to all assets:

  • PodNets, switches, hosts, Ceph storage, and Pod appliances.

  3. The OOB allows the PAT remote access to every host within the Pod.

How is it used?

The PAT houses a NOC (Network Operations Centre), so network administrators and other level 2 engineers access Pods remotely over the OOB VPN tunnel for:

  1. CloudCIX PAT tools such as Rocky and Icarus, which are used for performance monitoring and some remote troubleshooting.

A Pinglist tool continuously pings devices over the Public Network; devices that stop responding are then reached over the OOB Network so they can be troubleshot and reinstated as quickly as possible.

  2. Other PAT tools that offer secure access to critical network devices:

  • Strong authentication schemes such as RADIUS and RSA, to comply with existing network security policies.

  • Secure device upgrades and recoveries.