The Pros and Cons of a Dedicated Management Network

Carrying management traffic out of band can quickly result in building a fairly sophisticated network that is dedicated just to network management. This network can exist in addition and in parallel to the network that you are trying to manage—a dedicated network that allows your management systems to communicate with the network elements that they are managing. However, using out-of-band management communications does not necessarily imply the use of a dedicated management network that is physically separate and distinguished from the production network. Although a dedicated management port is used, the traffic to and from that port could also be carried through the same network that carries the rest of the traffic. Instead of being a dedicated network, the management network is, in effect, overlaid on top of the production network.

Figure 3-12 depicts the two alternatives of having a network that is shared for both management and production traffic (Figure 3-12a) and keeping management and production networks physically separate (Figure 3-12b). Which option makes the most sense? The answer is, it depends. Like so much in engineering, it is all about trade-offs.

Figure 3-12 Dedicated Versus Shared Management and Production Networks

[Figure not reproduced. Legend: production traffic, management traffic. Panels: (a) Shared Network for Management and Production Traffic; (b) Dedicated Management Network]

The advantages of using a dedicated management network are numerous:

■ Reliability—With a dedicated management network, management traffic is carried independently of traffic over the production network, making management significantly more reliable. For example, picture a situation in which a network failure or network congestion occurs and makes a certain segment of the network hard to reach. In this situation, management is absolutely critical to finding out what happened, and possibly to subsequently instructing the network to perform certain reconfigurations to remedy the situation. However, unless you have a dedicated management network, chances are, management traffic will be just as incapable of getting through as any other communications traffic. As with an ambulance that is stuck in traffic, you will not be able to get to the scene easily to determine exactly what has happened (in fact, the call to alert you might have trouble getting through), let alone provide first aid or clean up the mess. This means that management might effectively be unavailable just when it is needed the most. Of course, with a dedicated management network, all of this is a nonissue.

■ Interference avoidance—When carried over the production network, management traffic competes with other networking traffic. This includes data application traffic as well as traffic with high quality of service (QoS) requirements, such as voice or streaming video, which is sensitive to fluctuations in bandwidth and delay. Although management traffic is not very high in volume compared with other applications, it can be bursty and still of non-negligible volume. For example, it might involve downloading large files with new configurations or software images to network elements, or transferring statistical data that was collected over a longer period of time at the network element. The amount of traffic can be sufficient to interfere with other applications. For example, it can cause load conditions on the network that can lead to noticeable degradations in the QoS that is provided to other applications. This is not a recipe for keeping network users and customers happy; in the worst case, it can translate into lost revenue to the network provider. Interference between management and production network traffic can also make certain problems harder to diagnose. Again, with a dedicated management network, all of this is a nonissue.

■ Ease of network planning—Avoiding interference as described in the previous bullet requires careful network planning that takes into account the effects of unpredictable network management traffic. Network planning for the production network becomes easier if there is no need to consider management traffic, as is the case when a dedicated management network is used. Of course, the price to pay is that the management network also must be planned for. However, a dedicated management network runs only a single application—network management—so this problem becomes simpler.

■ Security—A dedicated management network is harder to attack and easier to secure. End users and subscribers never come into contact with it; its devices are on a completely separate network. This makes it less exposed to attackers and less vulnerable to, for example, DoS attacks on the production network.

On the other hand, there are a variety of reasons not to use a dedicated management network and to use management communication exchanges over a shared network:

■ Cost and overhead—Despite its advantages, a dedicated management network requires a separate network to be built, which comes with a huge price tag. A shared network does not require additional devices, additional space, or additional cabling.

■ No reasonable alternative—In quite a few cases, a shared network might realistically be the only option. For example, equipment that is deployed at the customer premises might be reachable only through one network. One scenario involves a Digital Subscriber Line (DSL) router that is located at the site of a customer. The service provider provides DSL connectivity to this router, but it does not make sense to provide separate management connectivity. Instead, any required management communication occurs over the same physical network. Of course, at the logical level at least, a separate channel can be used.

What about management of the dedicated management network? Shouldn't this be a consideration as well? Will we now also need a "management management network" to manage the management network as well? And who would manage that? Will it ever end? This is a good point, and for the truly paranoid, it is well worth considering. However, in general, the answer is that the management network will also provide management connectivity for its own devices. One management network is enough. The management network will be considerably less complex than the production network that it actually must manage; it has only a very small set of services and users. Also, the environment in which it is deployed is very controlled. Finally, the production network can provide backup to the management network in case it is needed, as explained in the discussion that follows.

In summary, a dedicated management network has undeniable advantages. For areas of a network in which management is critical—for example, the backbone at a service provider or even a large enterprise—this is the implementation of choice. Its big drawback is cost, which is the main reason dedicated management networks are found only in the most critical network deployments. Hybrid solutions also are possible, with management traffic traveling in part over a dedicated management network and in part over the production network.

As for in-band and out-of-band management communications at the network element itself, typically network elements are configured to support both. The out-of-band communications path normally is used, using a dedicated port for management traffic. However, if problems arise in the management network, the option exists to fall back on the secondary in-band—and shared management network—option. This way, the production network itself is used to provide critical backup for the management network when needed. This is perhaps an ironic twist, considering that management traffic was deemed so critical that the production network couldn't be relied on to carry it to begin with.
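The fallback behavior described above can be sketched from the management system's side. This is an added example, not code from the original text: the `Element` inventory, the addresses (documentation ranges), the injectable probe, and the rule of thumb that "every element degraded" points at the management network itself are all assumptions made for illustration.

```python
import socket
from dataclasses import dataclass

@dataclass(frozen=True)
class Element:
    name: str
    oob: tuple       # (host, port) of the dedicated management port
    in_band: tuple   # (host, port) reached over the production network

def tcp_probe(addr, timeout=2.0):
    """True if a TCP connection to addr (host, port) succeeds."""
    try:
        with socket.create_connection(addr, timeout=timeout):
            return True
    except OSError:
        return False

def select_path(el, probe=tcp_probe):
    """Prefer the out-of-band path; use in-band only as backup."""
    if probe(el.oob):
        return "out-of-band"
    if probe(el.in_band):
        return "in-band-fallback"
    return "unreachable"

def survey(elements, probe=tcp_probe):
    """Pick a path per element and summarise what the pattern suggests."""
    paths = {el.name: select_path(el, probe) for el in elements}
    degraded = sorted(n for n, p in paths.items() if p != "out-of-band")
    if not degraded:
        finding = "management network healthy"
    elif len(degraded) == len(paths):
        finding = "no element reachable out of band: suspect the management network"
    else:
        finding = "isolated loss of out-of-band access: suspect the element's port or link"
    return {"paths": paths, "degraded": degraded, "finding": finding}

if __name__ == "__main__":
    # Constructed inventory and a constructed probe standing in for live
    # devices, so the demo runs offline.
    inventory = [
        Element("core-1", ("192.0.2.1", 22), ("198.51.100.1", 22)),
        Element("core-2", ("192.0.2.2", 22), ("198.51.100.2", 22)),
    ]
    up = {("192.0.2.1", 22), ("198.51.100.2", 22)}
    result = survey(inventory, probe=lambda addr: addr in up)
    for name, path in result["paths"].items():
        print(name, path)
    print(result["finding"])
```

Treating every in-band fallback as a reportable event, rather than a silent retry, keeps a degraded management network from going unnoticed while the production network quietly carries its traffic.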


Responses

  • diamanda
    What is the importance of using a dedicated management network?
    3 years ago
  • faramir
    What are the pros and cons of policy-based network management?
    2 years ago
  • Faramir
    Why is a strong, dedicated management needed?
    12 months ago
  • Iole
    What is a disadvantage of using a dedicated network management system in the corporate enterprise?
    8 months ago
  • manuela
    What are some pros of having a dedicated management?
    5 months ago
  • mehret
    Why would a company have a dedicated management LAN?
    5 months ago
  • emilia docherty
    Is a separate management network for Windows servers necessary?
    5 months ago
  • gerardino
    What is better, a dedicated band or QoS?
    4 months ago
  • tesmi
    How to separate management NIC from production?
    3 months ago
  • Arrigo Boni
    What is a dedicated management server?
    2 months ago
