Re: What are folks using for serial consoles these days?

[Lukasz Bromirski via NANOG <nanog () lists nanog org>]

Brandon,

> On 24 Dec 2025, at 00:11, Brandon Butterworth <brandon () bogons net> wrote:
>
> It will just sit alongside the control plane management ethernet port
> so probably no advantage to them for the few occasions that port
> locks up. When it does lock up they just send a tech or use the
> PDU relay to switch it off and on again.

Just like Philip wrote, additional, dedicated ports seem to only
confuse people these days. Maybe we traded too much of hardware for
software.

> I'm even fine with it remaining serial. As an original Sun LOM adopter
> I value the LOM being really simple and not another OS with added
> attack surface to maintain. A built in BMC sharing ports with other
> stuff sounds less reliable to me.

I never said "shared". Dedicated and connected to this CPU/SoC, with
it's own flash. Doing anything shared outside of power/fans in this
case just defeats the purpose.

> > And even *I* have LTE access to my own rack(s), including console ports.
> We just use ISR 4451: serial, ethernet, 4G, sfp for OOB waves,
> dual psu, big spare SM slot to hide the rPI DMZ host, all in one box.
> Only external part is the managed PDU.

Yup, 2901, same thing. Despite the comments, it can be very much
hardened. If its current SSH implementation is not up to your liking,
you can always simply terminate IPsec tunnel using certs and use that
to access the device and devices behind it. Yeah, it's not wireguard.
For 115200 you don't have need anything super powerful, and 2800/2900
class router can do a lot of IPsec to be enough for terminal access.

I like the "SM slot to hide the RPi DMZ host" :) Never thought about it.

-- 
./
_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/2CHDIED46XSHHTHF2CYFULG4D22HRETL/