[j-nsp] Virtual Router

Leigh Porter leigh.porter at ukbroadband.com
Thu May 31 04:29:46 EDT 2007


Guy Davies wrote:
>> Hi,
>>
>>     
>>> As Chuck pointed out, though, the separation is far from complete.
>>> For example, if user A logs into logical-router A and starts modifying
>>> the config for logical-router A, then user B logs into logical-router
>>> B and modifies the config for logical-router B then does a commit, he
>>> will commit *all* changes to the config including those made by user
>>> A.  If those changes are syntactically incomplete, the commit may
>>> fail.  But worse, if they are syntactically correct but not correct in
>>> terms of the intended behaviour, you'll get the incorrect behaviour.
>>>       
>> Not that I disagree with your recommendation, but there is always the
>> option of "edit exclusive".
>>     
>
> Hi Sabri,
>
> You're absolutely right.  But you can bet that your customers will
> 'forget' to use it and screw up the config for everyone ;-)  I can see
> really useful applications for logical-routers but (having actually
> given this some serious thought for a customer of mine) I have come to
> the conclusion that giving customers access to config level would be a
> disaster waiting to happen.
>   

I am sure it'd not be too complex for Juniper to add some functionality 
to JUNOS to only let certain classes or individual usernames edit 
specific logical routers and them limit the commit to that logical router.

--
Leigh



More information about the juniper-nsp mailing list