[AusNOG] Management VRF

Matt Perkins matt at spectrum.com.au
Thu Dec 11 13:01:40 EST 2014


We use RFC1918. Less chance that any packets returning in case one day 
someone joins the networks by mistake. Then again we also have a backup 
out of band RS232 network of consoles in both DC's that are totally out 
of band no IP. Just to be sure.

Matt.


On 11/12/2014 12:55 pm, Russell Langton wrote:
> Hi Ben,
>
> I'm not sure of the size of your network here, but lets ask anyway....
>
> Is a dedicated management network out of the question?
> This would separate the data-plane from the control plane, and prevent 
> any issues in the devices in-band effecting your control of the devices.
>
>
> On Thu, Dec 11, 2014 at 12:47 PM, Ben Hohnke <settra at gmail.com 
> <mailto:settra at gmail.com>> wrote:
>
>     Hi Noggers,
>
>     I've been doing a little research around management VRF's, mainly
>     for splitting my company's network management traffic into it's
>     own VRF, to shield it from any potential routing issues.
>     I know some of our kit, such as the Cisco ASR 1001 and cat4948's
>     have dedicated management ethernet interfaces locked in a
>     management VRF.
>
>     At this stage I see two common options:
>     Management traffic in a VRF with RFC1918 addressing, and
>     Management traffic in the global routing table, with customer
>     traffic, with BGP etc in a VRF (i.e, turn it all "inside out")
>
>     I'm curious to see others thoughts on this, and what
>     implementations you've all put in place out there?
>
>     Thanks,
>
>     Ben
>
>     _______________________________________________
>     AusNOG mailing list
>     AusNOG at lists.ausnog.net <mailto:AusNOG at lists.ausnog.net>
>     http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog


-- 
/* Matt Perkins
         Direct 1300 137 379     Spectrum Networks Ptd. Ltd.
         Office 1300 133 299     matt at spectrum.com.au
                                 Level 6, 350 George Street Sydney 2000
         PGP/GNUPG Public Key can be found at  http://pgp.mit.edu
*/

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20141211/f6b57e27/attachment.html>


More information about the AusNOG mailing list