[j-nsp] in-band management interface vs. re firewall concepts/bcp
Clinton Work
clinton at scripty.com
Thu Jul 7 18:07:27 EDT 2016
I would still use lo0.0 as your always up in-band mgmt interface.
JunOS doesn't support putting management into a routing-instance and I
have been pushing Juniper for this. You can use inet.0 for management
and additional logical routers for data traffic, but that is different
than a Cisco management VRF.
JunOS doesn't have an explicit control-plane interface and you attach
your control-plane filter to lo0.0 instead.
--
Clinton Work
Airdrie, AB
On Thu, Jul 7, 2016, at 11:52 AM, Jason Lixfeld wrote:
> Hey there,
>
> Coming from a Cisco background, I generally assign a loopback interface
> as my in-band management channel. I stick that into my management VRF
> and that’s that. Without knowing any better, my instinct would be to do
> the same in JunOS, but it seems as though lo0 is the control plane
> interface between user space and the re. That feels somewhat different
> to me, because the Cisco equivalent is generally the control-plane
> “interface”.
>
> So my question is what the best common practise is for an always-up,
> in-band management channel on JunOS in an exclusively L3 environment
> (i.e.: no vlan or irb interfaces used at all in the system) without
> fully understanding whether that could also be lo0.0, or whether it
> should be lo0.somethingelse, or whether it should be something else
> entirely.
More information about the juniper-nsp
mailing list