[j-nsp] in-band management interface vs. re firewall concepts/bcp

Jason Lixfeld jason-jnsp at lixfeld.ca
Thu Jul 7 13:52:32 EDT 2016


Hey there,

Coming from a Cisco background, I generally assign a loopback interface as my in-band management channel.  I stick that into my management VRF and that’s that.  Without knowing any better, my instinct would be to do the same in JunOS, but it seems as though lo0 is the control plane interface between user space and the re.  That feels somewhat different to me, because the Cisco equivalent is generally the control-plane “interface”.

This lo0 impression is gleaned from reading up on how to secure the RE (Control-Plane Policing in Cisco speak) where the documentation makes reference to applying the RE firewall policy to unit 0 of lo0.

So my question is what the best common practise is for an always-up, in-band management channel on JunOS in an exclusively L3 environment (i.e.:  no vlan or irb interfaces used at all in the system) without fully understanding whether that could also be lo0.0, or whether it should be lo0.somethingelse, or whether it should be something else entirely.

Thanks in advance.


