[j-nsp] out of band management - real OOB

Pavel Lunin plunin at senetsy.ru
Mon Sep 19 17:16:41 EDT 2011


> I see two ways one can go about this. Either programmatically tunnel into
> an OOB L2 segment via a "bastion" host in an on-demand fashion, or point
> some routes (dynamically, or otherwise) into your internal network for
> management use.
>
> The risk of pointing routes into your internal network, IMO, is that
> very-specific ACLs for management access can begin to have a blurred
> distinction. RFC-1918 space can overlap, and public IPs within an internal
> network can sometimes overlap with an active transit path.
>
>
Why not just use a normal port/vlan, plug it in where you would've plugged
fxp0, and then put it into a vrf/whatever?

