Question

True VSP Fabric BCB IP management

  • 15 February 2019
  • 6 replies
  • 432 views

Please provide build information to build a Fabric, and IP managing the BCB Core switches from a Central station, because once you add a management C-VLAN it's no longer a BCB with only NNI interfaces. When you elable IP Shortcuts, the Core learns all the routes.

I could create a non-isid vlan and manage the Cores, but are there better options?

Is there any technique of managing a BCB without adding IP Shortcuts, because I don't believe a true BCB should be aware of all the routes.

Thanks

6 replies

Userlevel 2
Are you using VSP7200s or 8000?

If your BCB are VSP7000s or VSP8000s you can set up the Out-of-Band management interface with a Management IP.

On the VSP7Ks and 8K, the OoB interfaces is not routed, does not participate in the fabric, and is not part of the routing table.
Thanks for the response Paul.
My statement "I could create a non-isid vlan and manage the Cores" was due to only having 4450s in our LAB, but yes, the OOB interface on the 8000s.

So, you're not aware of any other way of achieving IP management of the BCB doesn't cause the route learning......some special command?

Thanks again anyway....much appreciated.
I tried to see if I could add a loopback interface to a Management VRF, but this didn't seem possible, so I'd end up with the BCB becoming a BEB if I added an "up" interface to the created Management VLAN.
Userlevel 2
Yes, I can understand your thinking. I can't recommend that because that IP will still be in the Local routing table. and I would need to test if that IP interface will be reachable from a BEB or other edge device if that IP/VLAN doesn't have an ISID.

the ULTIMATE solution would be to put all your management in the GRT, then use VRFs/L3VSNs for all your service traffic. Do you have the Premier Licenses?

That would be best practice.
Userlevel 2
I tried to see if I could add a loopback interface to a Management VRF, but this didn't seem possible, so I'd end up with the BCB becoming a BEB if I added an "up" interface to the created Management VLAN.

Management is only possible from the GRT and the OoB interfaces. This is a good thing and what makes VOSS very secure.

IPs in VRFs or L3VSNs will not reply to Http/https/telnet/ssh/SNMP etc etc....
Hi Michael,

This needs a bit effort,
However, you can use SPB shortcut routing with a Loopback Address (CLIP), in GRT.
For unwanted route learning you can use ISIS accept policy’s / route maps, to prevent/control IP route learning on your BCBs.
(e.g. you would only accept routes to (within) your Management Network (IP Subnet) / Central station)
(or just accept a default-route)

Best regards
Niko

Reply