[45717] in North American Network Operators' Group
Re: it's here
daemon@ATHENA.MIT.EDU (jlewis@lewis.org)
Wed Feb 13 12:01:42 2002
Date: Wed, 13 Feb 2002 11:56:18 -0500 (EST)
From: <jlewis@lewis.org>
To: jerry scharf <scharf@vix.com>
Cc: <nanog@merit.edu>
In-Reply-To: <189980000.1013618283@conure.laguna.vix.com>
Message-ID: <Pine.LNX.4.30.0202131148120.17083-100000@redhat1.mmaero.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu

On Wed, 13 Feb 2002, jerry scharf wrote:
> This is why there are switches (using vlans if you choose) and router
> interfaces. Unless you are taking an OC3's worth of management traffic, you
> create a net just for your management traffic, put it on an interface and
> hang your entire site's snmp gear off of that. If you want it to be
> private, GRE and 1918 addresses are your friends, and filter to allow only
> traffic from those nets. None of this is new or hard.

Nice theory, but in practice it's a little ickier than you make it sound.
Consider most people on this list deal with networks (not just single
sites) spanning multiple states or countries.  Not everyone can afford to
build both a backbone and a separate management WAN.  Putting management
in 1918 space is ok at one location, but gets tricky on a large network.
Do we then also buy/maintain VPN hardware to connect all the various 1918
management networks to the NOC?

This actually might be an interesting use for MPLS VPN for those networks
where all the core gear supports it, but a totally separate management WAN
is cost prohibitive.
-- 
----------------------------------------------------------------------
 Jon Lewis *jlewis@lewis.org*|  I route
 System Administrator        |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________