[AA] if You are actually still dealing with such issues in Your customer
networks, my condolences. Especially sad is the issue with management PC
- do Your customers use commodity Windows PC with freeware Solarwinds
version as NMS?
Yes, my customers (and companies at all) are not always ideal
On (2013-04-25 16:51 -0400), Phil Shafer wrote:
transfers. So the second network is rs232 _and_ fxp.
Brandon Ross wrote:
Both.
Either defend that statement or admit that it was overly broad.
Everyone seems to agree RS232 is granted. But some people feel you also
need to build FXP.
The
On (2013-04-24 20:54 -0400), Jeff Wheeler wrote:
My view is that fxp0 is an out-of-band interface for manual
intervention; not one that I ever use for SNMP.
My view is that fxp0 is completely useless interface.
It's not OOB, it's completely fate-sharing the freebsd/junos.
In RS232 you can at
2013/4/25 Brandon Ross br...@pobox.com
Many operators have backbone routers with 10's of 10GbE ports and maybe
even a few 40 or 100GbE ports at this point, perhaps a variety of SONET
still, etc.
Are you suggesting that they should purchase a 10/100/1000 copper card
just for management? Or
From: Saku Ytti s...@ytti.fi
And no, you would not use this FXP0 for SNMP or Netflow or whatnot.
--
++ytti
And why is that may I ask? Care to elaborate?
Just curious - maybe You don't know how to cook it properly :-)
I personally set up SNMPv1/v2/v3 over fxp0 enough times, including SNMPv3
On Thu, 25 Apr 2013, Saku Ytti wrote:
On (2013-04-24 20:54 -0400), Jeff Wheeler wrote:
My view is that fxp0 is an out-of-band interface for manual
intervention; not one that I ever use for SNMP.
My view is that fxp0 is completely useless interface.
It's not OOB, it's completely
From: Saku Ytti s...@ytti.fi
There is nothing stopping vendors from implementing netflow and SNMP in
HW,
allowing instant refresh of octet counters.
SNMPv3 would require encryption capabilities in HW making Your idea (a)
potentially too expensive and (b) prone to export restrictions==must
On Thu, 25 Apr 2013, Pavel Lunin wrote:
No, I propose to not even bother with copper, if you prefer. Just use a
VLAN or any other type of virtual circuit inside those TerabitEthernet /
SONET / FrameRelay / whatever.
So you propose to do away with the out of band network entirely, and
instead
On 4/25/13 7:55 AM, Brandon Ross wrote:
On Thu, 25 Apr 2013, Saku Ytti wrote:
On (2013-04-24 20:54 -0400), Jeff Wheeler wrote:
My view is that fxp0 is an out-of-band interface for manual
intervention; not one that I ever use for SNMP.
there are differing deployment models, our pop routers
On (2013-04-25 16:04 +0100), Alex Arseniev wrote:
SNMPv3 would require encryption capabilities in HW making Your idea
(a) potentially too expensive and (b) prone to export
restrictions==must develop maintain 2 separate HW sets, same as
for JUNOS software.
HW port can easily go through RE if
On (2013-04-25 10:55 -0400), Brandon Ross wrote:
I'm not sure why we are suddenly debating the benefits and drawbacks
of RS232. The two interface types are there for very different
reasons.
Done right, you'd need one MGMT interface, and ethernet is obvious
solution.
That's essentially what
On (2013-04-25 08:29 -0700), joel jaeggli wrote:
It's not OOB, it's completely fate-sharing the freebsd/junos.
it's not part of the forwarding plane so it certainly is not
in-band, what you connect it to of course is your business. we
connect them to our oob network.
Yes it's not
Well, I agree, if you are brave enough to run a real OOB management
network, you have reasons to use fxp0 on the devices, that don't have 1G
ports, though I believe it's at least not cheaper than buying 1GE ports
just for management :) But in my experience real OOB mgt is a too rare
case in real
25.04.2013 19:04, Alex Arseniev wrote:
Netflow does NOT require encryption as standard (SNMPv3 does).
Netflow or stateful log export is very often not supported on fxp0 and
analogues. Even if it is, high rate of those logs can easily overwhelm
RE or the link between RE and data plane.
(a)
On Thu, 25 Apr 2013, Saku Ytti wrote:
On (2013-04-25 10:55 -0400), Brandon Ross wrote:
I'm not sure why we are suddenly debating the benefits and drawbacks
of RS232. The two interface types are there for very different
reasons.
Done right, you'd need one MGMT interface, and ethernet is
From: Saku Ytti s...@ytti.fi
To: juniper-nsp@puck.nether.net
Sent: Thursday, April 25, 2013 4:34 PM
HW port can easily go through RE if needed.
Unless there is single ASIC in the box, that would be statistical
multiplexing.
Unless You wish to maintain full potential perf.gain from
On Thu, 25 Apr 2013, Saku Ytti wrote:
On (2013-04-25 08:29 -0700), joel jaeggli wrote:
It's not OOB, it's completely fate-sharing the freebsd/junos.
it's not part of the forwarding plane so it certainly is not
in-band, what you connect it to of course is your business. we
connect them to our
On Thu, 25 Apr 2013, Pavel Lunin wrote:
Well, I agree, if you are brave enough to run a real OOB management
network, you have reasons to use fxp0 on the devices, that don't have 1G
ports, though I believe it's at least not cheaper than buying 1GE ports
just for management :)
I suppose that's
- Original Message -
From: Saku Ytti s...@ytti.fi
To: juniper-nsp@puck.nether.net
Yes it's not fate-sharing forwarding-plane, but it's fate-sharing the
whole
control-plane.
No, it is not.
fxp0 is fully functional on backup RE (including Telnet/SSH/SNMP) - and
backup RE by default
On (2013-04-25 12:56 -0400), Brandon Ross wrote:
I guess I'm just the lucky one that gets routers that freak out due
to a bug (not necessarily just Juniper, but in general) or attack or
Yes it does happen. And yes it can break host OS completely, so that your
fxp0 does nothing. At least on
* Saku Ytti
That's essentially what we are talking about. Connect fxp0 to a
SEPARATE switch that is used for only out of band traffic. You then
use this network to copy images, etc. What am I missing here?
What are you winning by not doing this on-band in HW interface?
Cost. The fxp0 port
On 4/25/13 8:47 AM, Saku Ytti wrote:
On (2013-04-25 08:29 -0700), joel jaeggli wrote:
It's not OOB, it's completely fate-sharing the freebsd/junos.
it's not part of the forwarding plane so it certainly is not
in-band, what you connect it to of course is your business. we
connect them to our
On (2013-04-25 10:21 -0700), joel jaeggli wrote:
Why build fxp0, if you need inband for something anyhow? It costs money,
adds complexity,
I doubt the impact on the BOM is significant. the EM0/EM1 interfaces
and the two ethernet switches embedded in the SCBs are a
I mean FXP0 MGMT NET costs
On (2013-04-25 19:20 +0200), Tore Anderson wrote:
Use of the fxp0 port doesn't require any more ports/wiring than the CMP
style approach you appear to be advocating?
My point is, with FXP0 I still need to build RS232 network as well. With
CMP not.
I fully accept you need on-band + OOB, but you
- Original Message -
From: Pavel Lunin plu...@senetsy.ru
To: juniper-nsp@puck.nether.net
Sent: Thursday, April 25, 2013 5:48 PM
Subject: Re: [j-nsp] SNMP on logical-system fxp0
25.04.2013 19:04, Alex Arseniev wrote:
Netflow does NOT require encryption as standard (SNMPv3 does
2013/4/25 Brandon Ross br...@pobox.com
But in my experience real OOB mgt is a too rare case in real life of the
ISP world.
We have very different experiences then. I'm not claiming it's a
majority, but I will claim that many of the largest networks in the world
do, indeed, have true OOB
On Thu, 25 Apr 2013, Pavel Lunin wrote:
2013/4/25 Brandon Ross br...@pobox.com
But in my experience real OOB mgt is a too rare case in real life of the
ISP world.
We have very different experiences then. I'm not claiming it's a
majority, but I will claim that many of the largest networks
On (2013-04-25 17:53 +0100), Alex Arseniev wrote:
I feel the need to return the favour here :-)
SNMPv3 generated in ASIC and transiting via RE (for the purpose of
being encrypted) is NOT in HW.
It would be classified as HW-assisted.
Quite. The main point is, in FXP you can never capitalize
On (2013-04-25 13:03 -0400), Brandon Ross wrote:
We have very different experiences then. I'm not claiming it's a
majority, but I will claim that many of the largest networks in the
world do, indeed, have true OOB management networks. Enough that
I'm not saying don't build OOB, I'm saying,
On (2013-04-25 18:07 +0100), Alex Arseniev wrote:
No, it is not.
fxp0 is fully functional on backup RE (including Telnet/SSH/SNMP) -
and backup RE by default does not run any control plane functions
apart from monitoring master RE.
Not all devices have two RE. But this indeed is what we
Saku Ytti writes:
I'm not saying don't build OOB, I'm saying, I don't want to build three
networks to access the router. On-band is given. So will the second network
be rs232 or fxp?
Both of them are bad options, but RS232 is less bad, as you can reboot the
box even if JunOS is wonky.
From what
2013/4/25 Alex Arseniev alex.arsen...@gmail.com
Correct. Do you expect someone to attack fxp0 from within Your OOB network?
Rogue NMS server perhaps?
In a big enough network — anything. Broken NMS (it turns out to happen more
often than I could think), malware on management PC, misconfigured
- Original Message -
From: Pavel Lunin
To: Alex Arseniev
Cc: juniper-nsp
Sent: Thursday, April 25, 2013 9:56 PM
Subject: Re: [j-nsp] SNMP on logical-system fxp0
In a big enough network — anything. Broken NMS (it turns out to happen more
often than I could think
On Thu, 25 Apr 2013, Saku Ytti wrote:
On (2013-04-25 13:03 -0400), Brandon Ross wrote:
We have very different experiences then. I'm not claiming it's a
majority, but I will claim that many of the largest networks in the
world do, indeed, have true OOB management networks. Enough that
I'm
20.04.2013 01:45, Chip Marshall wrote:
So, I have an MX5 with its fxp0 management interface connected to
one network, which I've placed in a logical-system so it can have
its own default route for out-of-band management.
This is what I never understood. Why people want to use fxp0 (or any
On Wed, 24 Apr 2013, Pavel Lunin wrote:
This is what I never understood. Why people want to use fxp0 (or any
other dedicated management) iface for real production management?
Many operators have backbone routers with 10's of 10GbE ports and maybe
even a few 40 or 100GbE ports at this point,
On Wed, Apr 24, 2013 at 7:17 PM, Brandon Ross br...@pobox.com wrote:
On Wed, 24 Apr 2013, Pavel Lunin wrote:
This is what I never understood. Why people want to use fxp0 (or any
other dedicated management) iface for real production management?
Are you suggesting that they should purchase a
Hmm. Or set a route to the mgt net in the default table whose next hop is
the mgt table? I've had to do this on high end sex to get traffic loss to
go out the data plane.
On Apr 19, 2013 7:32 PM, OBrien, Will obri...@missouri.edu wrote:
Agreed. That's the way to do it.
On Apr 19, 2013, at 5:37
Sigh. High end SRX.
On Apr 20, 2013 8:31 AM, Nicholas Oas nicholas@gmail.com wrote:
Hmm. Or set a route to the mgt net in the default table whose next hop is
the mgt table? I've had to do this on high end sex to get traffic loss to
go out the data plane.
On Apr 19, 2013 7:32 PM, OBrien,
Hi
the fxp0 interface is bound to the RE, which always resides in the first
logical system and is bound to the default routing table or master table,
which is inet.0. All route lookups regarding the RE start in inet.0.
Just put all your productive interfaces in a separate virtual router and
-nsp@puck.nether.net
Sent: Saturday, April 20, 2013 11:23:20 AM
Subject: Re: [j-nsp] SNMP on logical-system fxp0
Hi
the fxp0 interface is bound to the RE, which always resides in the first
logical system and is bound to the default routing table or master table,
which is inet.0. All route
So, I have an MX5 with its fxp0 management interface connected to
one network, which I've placed in a logical-system so it can have
its own default route for out-of-band management.
show configuration logical-systems
Management {
interfaces {
fxp0 {
unit 0 {
On Fri, 19 Apr 2013, Chip Marshall wrote:
So, I have an MX5 with its fxp0 management interface connected to
one network, which I've placed in a logical-system so it can have
its own default route for out-of-band management.
[snip]
The problem is the replies to SNMP queries are being routed
Agreed. That's the way to do it.
On Apr 19, 2013, at 5:37 PM, Brandon Ross br...@pobox.com
wrote:
On Fri, 19 Apr 2013, Chip Marshall wrote:
So, I have an MX5 with its fxp0 management interface connected to
one network, which I've placed in a logical-system so it can have
its own default
44 matches