[j-nsp] out of band management - real OOB
Jonathan Lassoff
jof at thejof.com
Sat Sep 17 22:04:55 EDT 2011
I agree with all of these points, and it's a pretty classic problem with
managing devices that route.
The path I've gone down in most setups I've done is to simplify.
I place all devices within a site within an "out of band" LAN/broadcast
domain, and set up one (or two, depending on HA requirements) management
host(s) on that LAN with a connection to a DSL or analog modem.
Then, I only use the management port with other directly-connected hosts and
avoid the routing problem altogether.
In the cases where constant connections need to be made (SNMP polling,
configuration auditing, etc.), I've set up NAT or port forwarding rules in
iptables or pf on the management host.
--j
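
The port-forwarding arrangement described in this message, sketched for iptables as an added example that is not part of the original post. The interface names, addresses, ports and the single allowed poller are constructed assumptions; the script only prints the commands for review and does not apply them.

```shell
#!/bin/sh
# Constructed values (assumptions, not taken from the post):
WAN_IF="ppp0"            # management host's DSL/modem uplink
OOB_IF="eth1"            # management host's interface on the OOB LAN
POLLER="198.51.100.10"   # only remote host allowed to use the forwards

# Constructed inventory:
# <listen port on mgmt host> <proto> <device OOB address> <device port>
INVENTORY='
16101 udp 192.168.100.11 161
16102 udp 192.168.100.12 161
2211  tcp 192.168.100.11 22
'

# Print (do not execute) the iptables commands for this inventory.
gen_oob_forward_rules() {
    # Nothing crosses the management host unless a rule below allows it.
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "$INVENTORY" | while read -r lport proto dev dport; do
        [ -n "$lport" ] || continue   # skip blank lines
        # Rewrite poller traffic arriving on the uplink to the device's
        # management address and port.
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -s $POLLER -p $proto --dport $lport -j DNAT --to-destination $dev:$dport"
        # Permit only that specific forwarded flow onto the OOB LAN.
        echo "iptables -A FORWARD -i $WAN_IF -o $OOB_IF -s $POLLER -d $dev -p $proto --dport $dport -j ACCEPT"
    done
    # Source-NAT onto the OOB LAN: each device sees the connection as coming
    # from the directly connected management host, so it needs no route back.
    echo "iptables -t nat -A POSTROUTING -o $OOB_IF -j MASQUERADE"
}

gen_oob_forward_rules
```

Pinning every forward to one source address and one destination port keeps the management host from becoming a general-purpose path into the out-of-band LAN.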