[c-nsp] DNS rewrite & global capabilities
Roland Dobbins
rdobbins at arbor.net
Mon Jun 29 10:56:17 EDT 2009
On Jun 29, 2009, at 9:40 PM, sthaug at nethelp.no wrote:
> SSH through the regular Internet-facing interface, with appropriate
> restrictions (hosts.allow or similar) also works very well. We have
> our DNS servers configured this way, and see no problems.
OOB management through a dedicated DCN has many advantages for both
interactive access via ssh as well as telemetry polling/export via
SNMP, NetFlow, et. al. If in-band access is the only mechanism
available, iACLs at the edge should ensure that administrative/
management operations can be performed in without interference from
incoming traffic on the production network.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Unfortunately, inefficiency scales really well.
-- Kevin Lawton
More information about the cisco-nsp
mailing list