[j-nsp] SNMP on logical-system fxp0
Pavel Lunin
plunin at senetsy.ru
Fri Apr 26 02:57:43 EDT 2013
>
> [AA] if You actually still dealing with such issues in Your customer
> networks, my condolences. Especially sad is the issue with "management PC"
> - do Your customers use commodity Windows PC with freeware Solarwinds
> version as NMS?
>
Yes, my customers (and companies at all) are not always ideal and I don't
want to rely on the contrary assumption :) And it has nothing to do with
the "freewareness" and "windowsness". One particular case of a DoS from NMS
was Micromuse run on Solaris on SUN hardware, configured by true educated
and certified staff. And of course people need PCs to manage networks, and
they don't listen, when I say "don't use Windows" and sometimes even "don't
forget to purchase a new license for your anvi-virus".
> This is why I'd prefer to have more tools to be sure.
>>
>> [AA] Not sure if I follow, if BUs are administratively separate, how
> having a "true OOB interface" (i.e. CMP in Routing Engine) would make Your
> life easier?
>
No, I didn't mean "true OOB interface". I meant real HW [sub]interface.
(The prefix "sub" is what allows to not buy 1G cards specially for
management :) I can protect it with true HW policers and ACLs, apply true
CoS, if I need, put it into a VR, use FBF, VLAN rewrite, bundle two ports
in a LAG, be sure I'll find in the docs whether something is supported,
etc. I even want the management network to be connected to the Internet
(OMG), through a firewall, of course.
CMP on routing engine would help to do a lot of other things, but it's not
for everyday routine management either. Just like nobody uses iLO/IRMC/etc
on servers to manage them.
So, yes, I am not talking about built from scratch ideal management
networks run by ideal people in spherical vacuum. If the national ISP,
you've mentioned, is an example of such a paradise (though we both know
it's not :), I can only envy them.
OK, I think it's enough for this topic. Sorry for kindling the flame.
More information about the juniper-nsp
mailing list