Re: Best recommendation for out of band router access?

[Ryan Kozak via NANOG <nanog () lists nanog org>]

I've had customers who wanted to run more than just a console server on their OOB network and wanted a local firewall 
to put some controls around it. The Juniper branch SRXes can do 4G on an MPIM and Mist makes it interesting: you can 
give the boxes an in-band L3VPN and use that plus the OOB feed (wired or LTE) as two paths for the Mist SD-WAN back to 
your headend locations. They can also run Juniper's remote access VPN locally at each site at the same time if you 
want, all with security enforcement local to the site.

Overkill for a lot of shops but depending on what you want, and maybe how much of a Juniper shop you are, it's an 
interesting solution.

Regards,
Ryan


-------- Original Message --------
On 2025-09-25 09:39, Trey Scarborough via NANOG <nanog () lists nanog org> wrote:

>  We typically use a mikrotik LTAP orChateau depending on the location.
>  with a mix of LTE providers depending on location and don't worry about
>  static IPs. They all have wireguard connections back to a vps hosted
>  outside our network. In Data centers we use one of the IOT sim providers
>  that is sub $10 a month mainly because the LTE is just used to get the
>  router on the datacenters WIFI. After that if we need to download
>  firmware or anything that would be of any size its not over the LTE. In
>  our remote sites we started using US mobile as you can pool your data
>  plans and they provide access to ATT, T-mobile, and VZ networks. You can
>  load all 3 sims in a router ship it and then use which network network
>  is best after its on site.
>  
>  
>  Trey
>  
>  
>  On 9/24/25 6:16 PM, Jonathan Kalbfeld via NANOG wrote:
>  >
>  >
>  > Hello,
>  >
>  >
>  >
>  > Obviously dial up is no longer practical for most applications. I have a some of my gear co-located in a facility 
> in downtown Los Angeles where the idea of paying a monthly for a cross connect to get a phone line is just not 
> practical.
>  >
>  >
>  >
>  > Can anyone recommend an idea that's not super cost prohibitive that would involve some kind of 4G or 5G Sim with a 
> static IP address that is not CGNAT?
>  >
>  >
>  >
>  > I'm running OpenBSD for my Edge routers, so plugging in a USB is not guaranteed, so is there a product that might 
> have some kind of a bridge functionality where it will establish a mobile IP connection and then plug into my switch?
>  >
>  >
>  >
>  > Also open to reasonably priced provider recommendations. I don't need a lot of bandwidth since this would mostly 
> just be SSH or maybe openvpn traffic.
>  >
>  >
>  >
>  > If you know of service providers as well as recommended products, that would be ideal. I don't want to spend 
> thousands, but a few hundred dollars on gear seems reasonable.
>  >
>  >
>  >
>  > Very best,
>  >
>  > Jonathan
>  >
>  >
>  >
>  >
>  >
>  >
>  >
>  >
>  >
>  >
>  >
>  >
>  >
>  > Jonathan Kalbfeld
>  >
>  >   office:   +1 310 317 7933
>  >   fax:         +1 310 317 7901
>  >   home:       +1 310 317 7909
>  >   mobile:   +1 310 227 1662
>  >
>  >    ThoughtWave Technologies, Inc.
>  >   Studio City, CA 91604
>  >
>  > https://thoughtwave.com
>  >
>  >
>  >
>  >
>  > View our network at
>  >
>  > https://bgp.he.net/AS54380
>  >
>  >
>  >
>  > +1 844 42-LINUX
>  >
>  >
>  >
>  >
>  >
>  >
>  >
>  >
>  >
>  >
>  >
>  > _______________________________________________
>  > NANOG mailing list
>  > https://lists.nanog.org/archives/list/nanog () lists nanog org/message/JMUJYP5Q5HWP44V2MLGPGTMMPMJYPL3K/
>  _______________________________________________
>  NANOG mailing list
>  https://lists.nanog.org/archives/list/nanog () lists nanog org/message/QM36U2MQPGSGODP2XVNJ45F7QUCWMZKW/

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/YFJ3NRROW2SX6I566XENZT4GMYRHS7P6/