[j-nsp] Managing MX480 fxp0

Chuck Anderson cra at WPI.EDU
Thu Jul 8 08:16:33 EDT 2010


It's not about using the line cards.  It's about keeping the fxp0 
routes separate and isolated from the production routes.  If you 
happen to have overlapping address ranges between your production and 
management subnets, you will have a problem that fxp0 routes will 
interfere with production traffic and vice versa unless you can put 
one or the other into a VRF.

On Thu, Jul 08, 2010 at 05:33:18PM +1000, Truman Boyes wrote:
> Putting fxpX or meX interfaces into a VRF is not a good idea. I 
> understand that you want to have a management VPN, that idea is 
> fine, but the host routing from the routing engine should not have 
> to rely on other features/line cards of the box that may need to be 
> serviced.
> 
> I tend to use loopback addresses inside l3vpns that I can reach via 
> my OSS networks, and this works perfectly for basic NMS-type of 
> operations.
> 
> Even still, a routing-engine that suffers in booting a line card 
> that provides MPLS uplinks would be out of commission if the VRF 
> routing was not working.
> 
> Cheers,
> Truman
> 
> On 8/07/2010, at 6:22 AM, Chris Evans wrote:
> 
> > Send a bitch email to juniper. I have been begging for the capability to put
> > the fxp into a vrf.
> > 
> > On Jul 7, 2010 3:53 PM, "Jim Devane" <jdevane at switchnap.com> wrote:
> > 
> > Hello,
> > 
> > I need some ideas/help on a scenario I am sure comes up a lot but having
> > problems with.
> > 
> > I have an MX480. I want to be able to manage this MX from an internal (1918)
> > network through the fxp0 port. The internal network is not flat but routed
> > and there are several subnets which may contact the MX for
> > management/polling. I was thinking/hoping to set up a VRF for this port and
> > set routes/default route for the VRF to connect. It turns out I am not able
> > to put fxp0 into a routing-instance. (errors on config checkout)
> > So I put everything production in to a logical system leaving the fxp in the
> > master instance and installing a default route for the master instance. This
> > works, but now the MS-DPC will not export flows if it is in a logical
> > system. So the logical system is out b/c the MS-DPC has to be in the master
> > instance. But I can't but the fxp0 into a logical/routing instance.
> > 
> > What is the BCP/recommended method for managing this box if fxp0 is not a
> > "public" routed interface?
> > 
> > Unfortunately, I don't have another port to place into a VRF besides the
> > fxp0 (all other ports are 10G)
> > 
> > Thanks for any help/ideas!
> > Jim


More information about the juniper-nsp mailing list