[j-nsp] SNMP on logical-system fxp0

Pavel Lunin plunin at senetsy.ru
Wed Apr 24 13:19:14 EDT 2013


20.04.2013 01:45, Chip Marshall wrote:
> So, I have an MX5 with its fxp0 management interface connected to
> one network, which I've placed in a logical-system so it can have
> its own default route for out-of-band management.

This is what I never understood. Why do people want to use fxp0 (or any
other "dedicated management") iface for real production management?
Well, of course we need some sort of special management VLAN or routed
infrastructure to separate management from the payload-carrying network,
but what is the reason to bypass the data plane and plug it right into the
RR? Even leaving aside all the troubles like those discussed in this thread,
implied by the impossibility of using a lot of forwarding features (you can't
even connect it to two switches for backup), this deprives you of the ability
to protect the RE using hardware filters and policers. Say, I saw a couple of
quite serious cases when a crazy "trusted" NMS DoSed routers with lots
of ICMP probes and SNMP.

In my opinion fxp0 is a thing much like a console port, which is useful
when you intentionally need to access the control plane directly (and
this is why you'd better think in advance about where it's plugged in and
which subnet it belongs to), but as a full-time management interface it
seems to bring more trouble than benefit.

