10 Things you Need to Know about Out of Band (OOB) Networks

Out of Band Networks are highly effective means to improve network resilience: they provide network engineers and site reliability engineering teams alternative methods to access key infrastructure operating in the datacenter, the edge, or the cloud. Today's demands for uptime and availability of even the most basic applications can leverage out of band networks to enhance the ability to recover from outages quickly and recover network resilience.

Big Network has compiled a list of 10 things everyone should know about out of band networks:

1. What is an Out of Band Network?

An out of band network is a means to access your infrastructure, such as servers, network equipment, firewalls, routers, and other IT devices when your primary path for access is down.

2. Why do Out of Band Networks need to exist?

On the Internet, everyone has a bad day once in a while. From the largest social media sites to clouds and to e-commerce, complex IT systems have problems; operators make errors with configuration, network automation software has bugs, and distributed denial of service (DDoS) attacks happen. An out of band network gives operators a dedicated path that is separate for key tasks or gets around outages in the primary path.

3. What are in-band and out of band signaling in networks?

In-band signaling happens via your primary, general purpose connections in and out of your environment. For example, in a datacenter context, in-band signaling would happen over your primary internet connections like BGP fed Dedicated Internet Access (DIA). Out of band signaling happens over its own, dedicated channel away from the production network and is primarily used for network management functions.

4. What do I need to deploy an Out of Band Network?

Deploying an out of band network requires careful planning, equipment and software selection, and implementation. First and foremost, it is key to create a separate path into your environment away from the main production path:

• In the datacenter, this could be a low speed ethernet service, a DSL line, or even a cable modem.
• On the Edge, this could be a mobile 4G/LTE/5G service.
• In the Cloud, this could be implemented as a dedicated VPN on a dedicated VPC.

The key is that this is a /different/ data path that is not available to the general consumer of your services.

The key is that this is a /different/ data path that is not available to the general consumer of your services.

From there, selecting the appropriate equipment and software is required. OOB hardware should be low in power consumption, offer a variety of WAN and LAN ports, and the software should enable secure remote access to the environment at hand.

5. I thought OOB networking was limited to Serial Ports - why are you talking about WAN and LAN ports?

It certainly was the case that OOB networking related to serial ports in older times of networking. Legacy networking gear often provided users with a “console” port, which provided serial access to the device from a local workstation. Serial terminal servers were used to gateway from ethernet networks to serial connections for remote access.

In 2022, most modern networking devices offer both serial console connections and dedicated management ethernet connections. Importantly, both of these pathways are dedicated paths for secure remote management out of the main data plane of devices.

6. How does OOB networking relate to Network Resilience Engineering?

Network resilience engineering (NRE) is a relatively new practice in the world of IT. NRE focuses on network design and architecture so that networks remain available and stable during routine and unexpected failures. NREs use tools like network simulators, pre-production environments, and labs to evaluate network designs and stability.

However, this is no substitute for real-world testing. “Pull the plug” tests are the strongest way to test your network resilience, and it is during these tests that OOB networks provide the backup path for visibility and observability.

7. What features are required in a modern OOB network?

A modern OOB network should implement at least the following features:

• The solution should be connectivity agnostic. Modern OOB networks are effectively software defined WANs (SD-WAN) with a Remote Access Virtual Private Network (VPN) built in. Therefore, it shouldn’t matter if one uses IP transit, dedicated internet access (DIA), DSL, Fiber, Cable, or LTE/5G to create general access to the network.
• Offer robust abilities for micro-segmentation and user access control so that the concept of least privilege can be implemented. A modern OOB network should implement all elements of Zero Trust architectures.
• Widely available across platforms to your workforce from Windows, Mac OS, and Linux to mobile platforms like iOS and Android.
• Cloud orchestrated and managed so deploying an OOB network is a light burden on your IT infrastructure teams.

8. Are modern OOB networks expensive to acquire and operate?

They don’t have to be! Software Defined Networking (SDN) technology allows OOB networks to be flexibly and robustly designed across a variety of platforms. SD-WAN removes the need for costly leased lines and dedicated MPLS or VPLS solutions.

The components to a modern OOB network include:

• Dedicated low bandwidth network connections, which can often be bundled in at a reduced cost from your primary bandwidth providers.
• The OOB networking equipment itself.
• Monthly licensing and maintenance fees.

Often, the big cost in legacy OOB solutions is the site-to-site dedicated networking,particularly in the form of leased lines and/or MPLS services. An SD-WAN and VPN-based solution, carried over commodity DIA, can offer a more robust resiliency profile at a fraction of the cost.

9. OK OK OK, I know I need this, but it still seems like a lot. What are some real world examples of OOB networks helping to create network resiliency?

OK, well, you asked, and three big ones come to mind:

1. Rogers: July 2022

Rogers, a Canadian ISP, took a nationwide outage across wired and wireless networks across their entire footprint. Given the extensive nature of the outage and duration of the event, it is safe to assume that both in-band and out of band methods were hampered.

2. Facebook: October 4, 2021

Facebook takes a global outage. In their post-event blog publication, we learned that their recovery efforts were inhibited due to dependencies in their OOB network design that didn’t make their between quite as out of band as they thought…real diverse OOB is needed!

3. Centurylink: August 2020

Centurylink experienced a nationwide outage due to FlowSpec rule deployment, which hampered their remote access to the affected routers. Robust and diverse out of band could have provided a valuable safety net in applying, then backing out, the FlowSpec rule.

10. How does Big Network help to build secure Out of Band solutions?

Big Network provides a cloud orchestrated, secure, and robust networking solution to build OOB networks:

1. Cloud Networks provide AES-256 encrypted peer-to-peer full mesh tunnels via standard Internet access, plus role based access control, and network policy enforcement.
2. Edge Pro and Edge Lite are hardware SD-WAN gateways that join traditional networks, such as router management interfaces and console servers, to Cloud Networks.
3. Big Apps provide a remote access solution to Cloud Networks across a wide variety of devices and operating systems.

‍