[j-nsp] out of band management - real OOB

[Pavel Lunin]

2011/9/17 Chris Evans <chrisccnpspam2 at gmail.com>

> Juniper devices have out of band ethernet ports, but have the HUGE HUGE
> downfall of being in the main routing table conflicting with every other
> route.
>


BTW, can anyone give a good real-world example of a _routed_ OOB management
network usage?

As far as I understand the whole concept of OOB MGT IP interface was
invented to make the management network totally isolated from any transit
traffic. For security concerns, at the days when firewalls were not trusty
enough, when lack of Internet connection was not that big issue. If you
really need to implement this, you won't run into any routing conflict,
since it's a really separated network, will you?

But. Nowadays not really many folks run separate PCs for OOB MGT totally
apart of their LAN, corporate environment, email, Internet, etc. Even though
some conservators may still desire this sort of design, most NMS need an
Internet connection to update something. In this case — yes, you bump into a
routing conflict using fxp0, but why to use fxp0 in such a scenario?

An only exception I know of (looks like a real design flaw by Juniper) is
the SRX cluster case, where you MUST use fxp0 interfaces, if you want to
have access to particular members of a cluster. Otherwise you can only
access a virtual devise as a whole, with no clue which particular node you
connect to. Not so big problem in real world, to be honest, but if you are
required to connect it to, say, NSM, which goes to the Internet through this
same SRX cluster, you got a real pain in the rear (workarounds exist, of
course).

Sure, there are some good applications of fxp0 in field, but this does not
much relate to real routing issues.