I'm currently working on a design and am looking for some opinions born of recent experience, whether good or bad.
What are your thoughts about connecting management gear to the core vs a "management" vrf?
In my last deployment/buildout a few years ago, there were several issues with use of mgmt vrfs such as no support for tacacs servers in the vrf. And snmp, if I recall correctly, was broken. Booting/upgrading code from rommon was not possible via vrf'd interface.
I understand that snmp is now vrf aware, but from your experience, how real are these other concerns? Are there other issues with one approach versus the other?
if you are talking about managing the actual core devices i.e. P/PE routers then you should be managing them via some sort of DCN network via the routers management port. If your talking about managing CE devices then you should be managing those devices via a management vrf where you leak in the loopback of the CE to the management vrf.
Understood and agreed. I suppose I muddied the question when I mentioned snmp. P/PE are my concern here. Many devices in this network do not have physical management ports beyond the totally oob console/aux. Long story short, customer has never historically been a carrier, and ordered enterprise type equipment on Cisco's advice prior to my involvement. So I'll be carving out VCs and landing them either on core or vrf'd interfaces. My question is where to attach the DCN.
So if I understand the implications, if there are no mgmt ports on P/PE, then core connectivity is still the way to go. Do all the limitations I mentioned still exist?
With XR 4.2.0 the ASR9000 is releasing a new line of hardware models. This amongst others is the RSP440, the next generation RSP with faster switch fabric along with Typhoon based Linecards, the next generation network processor.
The Cisco EPN system incorporates a network architecture designed to consolidate multiples services on a single Multiprotocol Label Switching (MPLS) transport network. This network is designed primarily based on...
Internet security is important with the increasing attacks that are happening every day. Many internet and browsing security solutions exist, but some are not very easy to use or maybe the question is how can I enable them?