[AusNOG] Management VRF

Ben Hohnke settra at gmail.com
Thu Dec 11 13:04:24 EST 2014


Thanks for the reply, Russel.
Small WISP, a few hundred routers and switches across the country.

A physically separated management network is ideal, and is what I'm aiming
for within our DC locations, however throughout our major POP's this just
isn't possible, due to the use of PtP wireless links. The best I can do is
VLAN seperation.

Thanks,

Ben

On Thu, Dec 11, 2014 at 12:55 PM, Russell Langton <russell3901 at gmail.com>
wrote:

> Hi Ben,
>
> I'm not sure of the size of your network here, but lets ask anyway....
>
> Is a dedicated management network out of the question?
> This would separate the data-plane from the control plane, and prevent any
> issues in the devices in-band effecting your control of the devices.
>
>
> On Thu, Dec 11, 2014 at 12:47 PM, Ben Hohnke <settra at gmail.com> wrote:
>
>> Hi Noggers,
>>
>> I've been doing a little research around management VRF's, mainly for
>> splitting my company's network management traffic into it's own VRF, to
>> shield it from any potential routing issues.
>> I know some of our kit, such as the Cisco ASR 1001 and cat4948's have
>> dedicated management ethernet interfaces locked in a management VRF.
>>
>> At this stage I see two common options:
>> Management traffic in a VRF with RFC1918 addressing, and
>> Management traffic in the global routing table, with customer traffic,
>> with BGP etc in a VRF (i.e, turn it all "inside out")
>>
>> I'm curious to see others thoughts on this, and what implementations
>> you've all put in place out there?
>>
>> Thanks,
>>
>> Ben
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20141211/7651d6df/attachment.html>


More information about the AusNOG mailing list