[j-nsp] Managing MX480 fxp0

Chris Kawchuk juniperdude at gmail.com
Wed Jul 7 20:33:13 EDT 2010


Answer:

interfaces {
    fxp0 {
        description "MANAGEMENT";
        speed 100m;
        link-mode full-duplex;
        unit 0 {
            family inet {
                address 10.2.1.100/24;
            }
        }
    }
}

routing-options {
    static {
        route 10.0.0.0/8 {
            next-hop 10.2.1.1;
            no-readvertise;
        }
        route 172.16.0.0/12 {
            next-hop 10.2.1.1;
            no-readvertise;
        }
        route 192.168.0.0/16 {
            next-hop 10.2.1.1;
            no-readvertise;
        }
    }
}

.... where 10.2.1.1 is some internal router on your management network, which knows how to get everywhere in your management cloud. RFC1918 stays inside, everything else stays outside. And since you can't go from transit interface to management (fxp0), there's no way to get from public->private and vice versa.

No need for a vrf - assuming that all other IPs in use on the "production" part of the network are real IPs; as JunOS simply won't route from, say, xe-0/0/0.0 to fxp0; but management will be allowed.

Breaks if you tend to use private space on your Production 10G interfaces, tho =)


- Chris.




On 2010-07-07, at 1:16 PM, Jim Devane wrote:

> Hello,
> 
> I need some ideas/help on a scenario I am sure comes up a lot but I am having problems with.
> 
> I have an MX480. I want to be able to manage this MX from an internal (1918) network through the fxp0 port. The internal network is not flat but routed and there are several subnets which may contact the MX for management/polling. I was thinking/hoping to set up a VRF for this port and set routes/default route for the VRF to connect. It turns out I am not able to put fxp0 into a routing-instance. (errors on config checkout)
> So I put everything production in to a logical system leaving the fxp in the master instance and installing a default route for the master instance. This works, but now the MS-DPC will not export flows if it is in a logical system. So the logical system is out b/c the MS-DPC has to be in the master instance. But I can't put the fxp0 into a logical/routing instance.
> 
> What is the BCP/recommended method for managing this box if fxp0 is not a "public" routed interface?
> 
> Unfortunately, I don't have another port to place into a VRF besides the fxp0 (all other ports are 10G)
> 
> Thanks for any help/ideas!
> Jim
> 

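Added example, not part of the original thread: a Python check for the caveat in the reply, flagging any non-fxp0 interface whose address falls inside a static route that points at a next hop on the fxp0 subnet. The xe-0/0/0 and xe-0/0/1 addresses and the function names are assumptions made for illustration; the fxp0 address and static routes are the ones from the post.

```python
import ipaddress
import re

# Constructed sample: fxp0 and static routes from the post, plus two
# hypothetical production interfaces (one numbered out of RFC 1918 space).
SAMPLE = """
interfaces {
    fxp0 { unit 0 { family inet { address 10.2.1.100/24; } } }
    xe-0/0/0 { unit 0 { family inet { address 10.50.0.1/30; } } }
    xe-0/0/1 { unit 0 { family inet { address 198.51.100.1/30; } } }
}
routing-options {
    static {
        route 10.0.0.0/8 { next-hop 10.2.1.1; no-readvertise; }
        route 172.16.0.0/12 { next-hop 10.2.1.1; no-readvertise; }
        route 192.168.0.0/16 { next-hop 10.2.1.1; no-readvertise; }
    }
}
"""

def walk(text):
    """Yield (hierarchy_path, statement) for each ';'-terminated statement."""
    path, buf = [], []
    for tok in re.findall(r'"[^"]*"|[{};]|[^\s{};]+', text):
        if tok == "{":
            path.append(" ".join(buf))
            buf = []
        elif tok == "}":
            path.pop()
            buf = []
        elif tok == ";":
            yield tuple(path), " ".join(buf)
            buf = []
        else:
            buf.append(tok)

def mgmt_overlaps(text, mgmt_if="fxp0"):
    """List (interface, address, route) where a production address sits inside a route via fxp0."""
    addrs, routes = [], []
    for path, stmt in walk(text):
        if path[:1] == ("interfaces",) and stmt.startswith("address "):
            addrs.append((path[1], ipaddress.ip_interface(stmt.split()[1])))
        elif path[:2] == ("routing-options", "static") and stmt.startswith("next-hop "):
            routes.append((ipaddress.ip_network(path[2].split()[1]),
                           ipaddress.ip_address(stmt.split()[1])))
    mgmt_nets = [a.network for i, a in addrs if i == mgmt_if]
    via_mgmt = [r for r, nh in routes if any(nh in n for n in mgmt_nets)]
    return [(i, str(a), str(r)) for i, a in addrs if i != mgmt_if
            for r in via_mgmt if a.ip in r]
```

An empty list means no production interface is numbered out of the ranges routed toward the management next hop.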


