[j-nsp] SNMP on logical-system fxp0

Alex Arseniev alex.arseniev at gmail.com
Thu Apr 25 11:04:20 EDT 2013


From: "Saku Ytti" <saku at ytti.fi>
> There is nothing stopping vendors from implementing netflow and SNMP in HW,
> allowing instant refresh of octet counters.

SNMPv3 would require encryption capabilities in HW, making your idea (a) 
potentially too expensive and (b) prone to export restrictions ==> must 
develop && maintain 2 separate HW sets, same as for JUNOS software.

> Netflow often is already implemented in HW.

Netflow does NOT require encryption as standard (SNMPv3 does).

> And as Jeff mentioned, you cannot do CoPP to protect your RE from being
> congested by fxp0 traffic. Something simple and easy mistake to do as L2
> loop in FXP0 could be disaster, and no way to protect.

(a) A copy of the lo0.0 filter is applied to fxp0 as well.
(b) Only if you build the OOB network as flat L2 would I expect L2 BUM storms 
affecting fxp0.
The providers I worked with build their OOB networks using the same design 
principles as their production networks - never flat L2, routed hops, every 
site has at least 1 (often 2 or multi-staged) firewall(s) protecting the 
rest of the OOB domain from "rogue elements".

HTH
Thanks
Alex 


