Before delving into the details of in-band and out-of-band concepts; let me state the purpose behind them. The purpose is to effectively manage and troubleshoot the networking devices and servers remotely. Let’s focus one thing at a time.
In-band: This one is the most common and widely used method for remote access and control of devices. In-band remote access is done over networking protocols such as SSH, Telnet and VNC. Since the ssh/telnet traffic shares the bandwidth of the real user traffic in production networks, it’s called in-band. As the management and business traffic share the common bandwidth it’s important to segregate the management traffic from the business traffic. A good design is to create a management Vlan and connect the management interface of all the devices to it. And guarding it by an ACL which allows the traffic from only a few known IP addresses. The management Vlan can also be used for device monitoring, system logging and SNMP.
If the network is down or severely degraded in-band access methods fail unless a second network called out-of-band has been previously setup.
Out-of-band: This is a separate network setup outside of production network should a need arise to manage the devices. Out-of-band remote access is implemented using an Access Server and connecting the management interface of the devices to it. The Access Server could have a Public IP. A modem or DSL line can be used to dial-in to the Access Server when its LAN/WAN link is down. Care should be taken to configure the Access Server and its ports assignment. Also the Access Server’s connectivity should be checked frequently along with its links to the managed devices.
One more method of having out-of-band network is using KVM switches. KVM switches provide BIOS- level access to remote servers and serial-console-level access to networking devices. Most of them come with internal modem as well.
Both in-band and out-of-band methods of remote access complement each other and help in managing the devices effectively.