
On Mon, 25 Nov 2019 at 21:41, Aaron Gould <[email protected]> wrote:

> Thanks, but I just moved the fxp0 ip address to a revenue interface to get 
> the pfe forwarding I needed.

+1. I think 'management' ethernet is a misnomer and a massive risk. It's
an interface with direct access to the control-plane, so if your MGMT LAN
has an L2 loop or such, you could break your entire network and there is
really nothing you can configure to protect yourself at the device.

I would personally not wire or use fxp0 unless I'm out of options.
Some other vendors today have real out-of-band ethernet for MGMT,
meaning own CPU, own memory, own OS not fate-sharing the
control-plane, which is the correct solution for OOB, but not
something we as a community are actively asking vendors to deliver.

Kudos to Cisco for insisting on putting this on newer platforms too, even
when we, the customers, have not woken up to its utility.

-- 
  ++ytti
_______________________________________________
juniper-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/juniper-nsp
