> I see two ways one can go about this. Either programmatically tunnel into
> an OOB L2 segment via a "bastion" host in an on-demand fashion, or point
> some routes (dynamically, or otherwise) into your internal network for
> management use.
>
> The risk of pointing routes into your internal network, IMO, is that
> very-specific ACLs for management access can begin to have a blurred
> distinction. RFC-1918 space can overlap, and public IPs within an internal
> network can sometimes overlap with an active transit path.
>
>
Why not just use a normal port/vlan, plug it in where you would've plugged
fxp0, and then put it in a vrf/whatever?
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
