[j-nsp] Managing MX480 fxp0
Saku Ytti
saku at ytti.fi
Tue Nov 26 03:07:25 EST 2019
gwe
On Mon, 25 Nov 2019 at 21:41, Aaron Gould <aaron1 at gvtc.com> wrote:
> Thanks, but I just moved the fxp0 ip address to a revenue interface to get the pfe forwarding I needed.
+1. I think 'management' ethernet is misnomer and massive risk. It's
interface with direct access to control-plane, so if your MGMT LAN has
L2 loop or such, you could break your entire network and there is
really nothing you can configure to protect yourself at the device.
I would personally not wire or use fxp0 unless I'm out of options.
Some other vendors today have real out-of-band ethernet for MGMT,
meaning own CPU, own memory, own OS not fate-sharing the
control-plane, which is the correct solution for OOB, but not
something we as a community are actively asking vendors to deliver.
Kudos to Cisco insisting on putting this on newer platforms too, even
when we, the customers, have not woken up on its utility.
--
++ytti
More information about the juniper-nsp
mailing list