[c-nsp] DNS rewrite & global capabilities

Roland Dobbins rdobbins at arbor.net
Mon Jun 29 10:56:17 EDT 2009


On Jun 29, 2009, at 9:40 PM, sthaug at nethelp.no wrote:

> SSH through the regular Internet-facing interface, with appropriate
> restrictions (hosts.allow or similar) also works very well. We have
> our DNS servers configured this way, and see no problems.

OOB management through a dedicated DCN has many advantages for both  
interactive access via ssh as well as telemetry polling/export via  
SNMP, NetFlow, et. al.  If in-band access is the only mechanism  
available, iACLs at the edge should ensure that administrative/ 
management operations can be performed in without interference from  
incoming traffic on the production network.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

         Unfortunately, inefficiency scales really well.

		   -- Kevin Lawton



More information about the cisco-nsp mailing list