[j-nsp] in-band management interface vs. re firewall concepts/bcp

Jason Lixfeld jason-jnsp at lixfeld.ca
Fri Jul 8 13:20:22 EDT 2016


I’m not quite following.  This won’t work:

set interfaces lo0 unit 0 family inet address 10.219.60.54/32
set interfaces lo0 unit 0 family inet filter input-list V4-ACCEPT-COMMON-SERVICES
set interfaces lo0 unit 0 family inet filter input-list V4-ACCEPT-ESTABLISHED
set interfaces lo0 unit 0 family inet filter input-list V4-DISCARD-ALL
set routing-instances MANAGEMENT instance-type vrf
set routing-instances MANAGEMENT interface lo0.0
set routing-instances MANAGEMENT route-distinguisher 21949:21949
set routing-instances MANAGEMENT vrf-target target:21949:21949

> On Jul 7, 2016, at 6:07 PM, Clinton Work <clinton at scripty.com> wrote:
> 
> I would still use lo0.0 as your always up in-band mgmt interface.  
> JunOS doesn't support putting management into a routing-instance and I
> have been pushing Juniper for this.   You can use inet.0 for management
> and additional logical routers for data traffic, but that is different
> than a Cisco management VRF.   
> 
> JunOS doesn't have an explicit control-plane interface and you attach
> your control-plane filter to lo0.0 instead.   
> 
> --
> Clinton Work
> Airdrie, AB
> 
> On Thu, Jul 7, 2016, at 11:52 AM, Jason Lixfeld wrote:
>> Hey there,
>> 
>> Coming from a Cisco background, I generally assign a loopback interface
>> as my in-band management channel.  I stick that into my management VRF
>> and that’s that.  Without knowing any better, my instinct would be to do
>> the same in JunOS, but it seems as though lo0 is the control plane
>> interface between user space and the re.  That feels somewhat different
>> to me, because the Cisco equivalent is generally the control-plane
>> “interface”.
>>
>> So my question is what the best common practise is for an always-up,
>> in-band management channel on JunOS in an exclusively L3 environment
>> (i.e.:  no vlan or irb interfaces used at all in the system) without
>> fully understanding whether that could also be lo0.0, or whether it
>> should be lo0.somethingelse, or whether it should be something else
>> entirely.
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp


