[j-nsp] SNMP on logical-system fxp0

joel jaeggli joelja at bogus.com
Thu Apr 25 11:29:28 EDT 2013 

On 4/25/13 7:55 AM, Brandon Ross wrote:
> On Thu, 25 Apr 2013, Saku Ytti wrote:
>
>> On (2013-04-24 20:54 -0400), Jeff Wheeler wrote:
>>
>>> My view is that fxp0 is an out-of-band interface for manual
>>> intervention; not one that I ever use for SNMP.
there are differing deployment models, our pop routers are polled by 
devices that are located on their oob network. they are also polled 
inband...

I know personally that it would be convenient to put the management 
interfaces in another routing instance and have snmp  work. the former 
works, the later doesn't. I belive that there have been feature requests 
about that for some time.
>>
>> My view is that fxp0 is completely useless interface.
>>
>> It's not OOB, it's completely fate-sharing the freebsd/junos.
it's not part of the forwarding plane so it certainly is not in-band, 
what you connect it to of course is your business. we connect them to 
our oob network.
> OOB in this context refers to having a different path through the 
> network than the path used for production IP traffic.  I see the value 
> in having an Ethernet/IP interface that is not fate-sharing with the 
> core OS as well, but that doesn't make fxp0 completely useless as 
> previously stated.
>
>> In RS232 you can at least do 'panic-on-break', not having to rely
>> freebsd/junos to work to kick the box.
>> But RS232 sucks otherwise:
>
> I'm not sure why we are suddenly debating the benefits and drawbacks 
> of RS232.  The two interface types are there for very different reasons.
>
>> Of course correct solution would be, to connect fxp0 to separate HW,
>> running its own miniOS, from which you could copy imagees, reload RE 
>> etc.
>
> That essentially what we are talking about.  Connect fxp0 to a 
> SEPARATE switch that is used for only out of band traffic.  You then 
> use this network to copy images, etc.  What am I missing here?
>
a basband management controller...

In DUAL RE deployments that's  somewhat less acute becasue you can power 
cycle the SCB that the alternate RE is in. but having serial console on 
on ethernet for example would eliminate a terminal server potentiallly 
and that needs to happen eventually imho.

>> And no, you would not use this FXP0 for SNMP or Netflow or whatnot.
>
> Sure you can, I've done it, others here have said they've done it. 
> Assuming the OOB network is well protected from outside traffic to 
> avoid attacks and the like, why not?
inline flow export is generated in linecard asics so it's not really 
suitable for the oob port.

More information about the juniper-nsp mailing list