True VSP Fabric BCB IP management
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎02-15-2019 08:04 AM
Please provide build information to build a Fabric, and IP managing the BCB Core switches from a Central station, because once you add a management C-VLAN it's no longer a BCB with only NNI interfaces. When you elable IP Shortcuts, the Core learns all the routes.
I could create a non-isid vlan and manage the Cores, but are there better options?
Is there any technique of managing a BCB without adding IP Shortcuts, because I don't believe a true BCB should be aware of all the routes.
Thanks
I could create a non-isid vlan and manage the Cores, but are there better options?
Is there any technique of managing a BCB without adding IP Shortcuts, because I don't believe a true BCB should be aware of all the routes.
Thanks
6 REPLIES 6
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎02-18-2019 02:42 PM
Hi Michael,
This needs a bit effort,
However, you can use SPB shortcut routing with a Loopback Address (CLIP), in GRT.
For unwanted route learning you can use ISIS accept policy’s / route maps, to prevent/control IP route learning on your BCBs.
(e.g. you would only accept routes to (within) your Management Network (IP Subnet) / Central station)
(or just accept a default-route)
Best regards
Niko
This needs a bit effort,
However, you can use SPB shortcut routing with a Loopback Address (CLIP), in GRT.
For unwanted route learning you can use ISIS accept policy’s / route maps, to prevent/control IP route learning on your BCBs.
(e.g. you would only accept routes to (within) your Management Network (IP Subnet) / Central station)
(or just accept a default-route)
Best regards
Niko
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎02-15-2019 12:03 PM
Management is only possible from the GRT and the OoB interfaces. This is a good thing and what makes VOSS very secure.
IPs in VRFs or L3VSNs will not reply to Http/https/telnet/ssh/SNMP etc etc....
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎02-15-2019 12:01 PM
Yes, I can understand your thinking. I can't recommend that because that IP will still be in the Local routing table. and I would need to test if that IP interface will be reachable from a BEB or other edge device if that IP/VLAN doesn't have an ISID.
the ULTIMATE solution would be to put all your management in the GRT, then use VRFs/L3VSNs for all your service traffic. Do you have the Premier Licenses?
That would be best practice.
the ULTIMATE solution would be to put all your management in the GRT, then use VRFs/L3VSNs for all your service traffic. Do you have the Premier Licenses?
That would be best practice.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎02-15-2019 11:56 AM
I tried to see if I could add a loopback interface to a Management VRF, but this didn't seem possible, so I'd end up with the BCB becoming a BEB if I added an "up" interface to the created Management VLAN.
