[j-nsp] Managing MX480 fxp0

William Jackson wjackson at sapphire.gi
Thu Jul 8 03:11:38 EDT 2010


What we did, as we have different IP ranges that access via the fxp0, was
to NAT on the next-hop router connected to the fxp port, so that all
traffic appears to the fxp as if it was directly connected to it.



Best Regards
 
William Jackson
Technical Department
Sapphire Networks


-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Chris Kawchuk
Sent: 08 July 2010 02:33
To: Jim Devane
Cc: juniper-nsp
Subject: Re: [j-nsp] Managing MX480 fxp0

Answer:

interfaces {
    fxp0 {
        description "MANAGEMENT";
        speed 100m;
        link-mode full-duplex;
        unit 0 {
            family inet {
                address 10.2.1.100/24;
            }
        }
    }
}

routing-options {
    static {
        route 10.0.0.0/8 {
            next-hop 10.2.1.1;
            no-readvertise;
        }
        route 172.16.0.0/12 {
            next-hop 10.2.1.1;
            no-readvertise;
        }
        route 192.168.0.0/16 {
            next-hop 10.2.1.1;
            no-readvertise;
        }
    }
}

.... where 10.2.1.1 is some internal router on your management network,
which knows how to get everywhere in your management cloud. RFC1918
stays inside, everything else stays outside. And since you can't go from
transit interface to management (fxp0), there's no way to get from
public->private and vice versa.

No need for a vrf - assuming that all other IPs in use on the
"production" part of the network are real IPs; as JunOS simply won't
route from, say, xe-0/0/0.0 to fxp0; but management will be allowed.

Breaks if you tend to use private space on your Production 10G
interfaces, tho =)


- Chris.




On 2010-07-07, at 1:16 PM, Jim Devane wrote:

> Hello,
> 
> I need some ideas/help on a scenario I am sure comes up a lot but
> having problems with.
> 
> I have an MX480. I want to be able to manage this MX from an internal
> (1918) network through the fxp0 port. The internal network is not flat
> but routed and there are several subnets which may contact the MX for
> management/polling. I was thinking/hoping to set up a VRF for this port
> and set routes/default route for the VRF to connect. It turns out I am
> not able to put fxp0 into a routing-instance. (errors on config
> checkout)
> So I put everything production into a logical system leaving the fxp
> in the master instance and installing a default route for the master
> instance. This works, but now the MS-DPC will not export flows if it is
> in a logical system. So the logical system is out b/c the MS-DPC has to
> be in the master instance. But I can't put the fxp0 into a
> logical/routing instance.
> 
> What is the BCP/recommended method for managing this box if fxp0 is
> not a "public" routed interface?
> 
> Unfortunately, I don't have another port to place into a VRF besides
> the fxp0 (all other ports are 10G)
> 
> Thanks for any help/ideas!
> Jim
> 
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
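
Added example, not part of the original thread or of anyone's posted configuration: a pre-deployment check for the caveat in Chris's reply. It flags any non-fxp0 interface numbered inside a prefix that the static routes send toward the management next-hop. It assumes brace-form "route ... { next-hop ...; }" statements as in the post; the xe- interface addresses in the sample are made up.

```python
import ipaddress
import re

# Constructed sample in the thread's Junos style: fxp0 and the static routes
# match the post; the xe- addresses are made up for illustration.
SAMPLE_CONFIG = """
interfaces {
    fxp0 { unit 0 { family inet { address 10.2.1.100/24; } } }
    xe-0/0/0 { unit 0 { family inet { address 198.51.100.1/30; } } }
    xe-0/0/1 { unit 0 { family inet { address 172.20.5.1/30; } } }
}
routing-options {
    static {
        route 10.0.0.0/8 { next-hop 10.2.1.1; no-readvertise; }
        route 172.16.0.0/12 { next-hop 10.2.1.1; no-readvertise; }
        route 192.168.0.0/16 { next-hop 10.2.1.1; no-readvertise; }
    }
}
"""

def statements(text):
    """Yield (enclosing block names, words) for each ';'-terminated statement."""
    stack, words = [], []
    for tok in re.findall(r'"[^"]*"|[{};]|[^\s{};]+', text):
        if tok not in ("{", "}", ";"):
            words.append(tok)
            continue
        if tok == "{":
            stack.append(" ".join(words))
        elif tok == "}":
            stack.pop()
        else:
            yield tuple(stack), words
        words = []

def find_overlaps(text, mgmt_if="fxp0"):
    """Return (interface, address, route) for each non-management address that
    falls inside a static route whose next-hop is on the management subnet."""
    addrs, routes = [], []
    for path, words in statements(text):
        if path[:1] == ("interfaces",) and words[:1] == ["address"]:
            addrs.append((path[1], ipaddress.ip_interface(words[1])))
        elif len(path) == 3 and path[:2] == ("routing-options", "static") \
                and words[:1] == ["next-hop"]:
            routes.append((ipaddress.ip_network(path[2].split()[1]),
                           ipaddress.ip_address(words[1])))
    mgmt_nets = [a.network for name, a in addrs if name == mgmt_if]
    mgmt_routes = [p for p, nh in routes if any(nh in n for n in mgmt_nets)]
    return [(name, str(a), str(p)) for name, a in addrs if name != mgmt_if
            for p in mgmt_routes if a.network.overlaps(p)]
```

Calling find_overlaps(SAMPLE_CONFIG) reports xe-0/0/1, whose address sits inside 172.16.0.0/12; an empty list means no production interface is numbered in the space routed toward the management network.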

