<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">We use RFC1918. Less chance that any
packets returning in case one day someone joins the networks by
mistake. Then again we also have a backup out of band RS232
network of consoles in both DC's that are totally out of band no
IP. Just to be sure. <br>
<br>
Matt.<br>
<br>
<br>
On 11/12/2014 12:55 pm, Russell Langton wrote:<br>
</div>
<blockquote
cite="mid:CAGq70S+JMyq=KdPgpPhxpAo7__c6xN0zD6JuaNYKKcrw7tFNnA@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>Hi Ben,<br>
<br>
</div>
<div>I'm not sure of the size of your network here, but lets ask
anyway....<br>
</div>
<div><br>
Is a dedicated management network out of the question?<br>
</div>
This would separate the data-plane from the control plane, and
prevent any issues in the devices in-band effecting your control
of the devices.<br>
<br>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Thu, Dec 11, 2014 at 12:47 PM, Ben
Hohnke <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:settra@gmail.com" target="_blank">settra@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">
<div>
<div>
<div>Hi Noggers,<br>
<br>
</div>
I've been doing a little research around management
VRF's, mainly for splitting my company's network
management traffic into it's own VRF, to shield it
from any potential routing issues. <br>
</div>
<div>I know some of our kit, such as the Cisco ASR 1001
and cat4948's have dedicated management ethernet
interfaces locked in a management VRF.<br>
</div>
<div><br>
</div>
<div>At this stage I see two common options:<br>
</div>
<div>Management traffic in a VRF with RFC1918
addressing, and<br>
</div>
<div>Management traffic in the global routing table,
with customer traffic, with BGP etc in a VRF (i.e,
turn it all "inside out")<br>
</div>
<div><br>
</div>
I'm curious to see others thoughts on this, and what
implementations you've all put in place out there?<br>
<br>
</div>
Thanks,<br>
<br>
Ben<br>
</div>
<br>
_______________________________________________<br>
AusNOG mailing list<br>
<a moz-do-not-send="true"
href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br>
<a moz-do-not-send="true"
href="http://lists.ausnog.net/mailman/listinfo/ausnog"
target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
AusNOG mailing list
<a class="moz-txt-link-abbreviated" href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a>
<a class="moz-txt-link-freetext" href="http://lists.ausnog.net/mailman/listinfo/ausnog">http://lists.ausnog.net/mailman/listinfo/ausnog</a>
</pre>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
/* Matt Perkins
Direct 1300 137 379 Spectrum Networks Ptd. Ltd.
Office 1300 133 299 <a class="moz-txt-link-abbreviated" href="mailto:matt@spectrum.com.au">matt@spectrum.com.au</a>
Level 6, 350 George Street Sydney 2000
PGP/GNUPG Public Key can be found at <a class="moz-txt-link-freetext" href="http://pgp.mit.edu">http://pgp.mit.edu</a>
*/
</pre>
</body>
</html>