cancel
Showing results for 
Search instead for 
Did you mean: 

VSP8600 is the Management Interface Really Out-of-band

VSP8600 is the Management Interface Really Out-of-band

Anonymous
Not applicable

Hi,

Just in the process of configuring a VSP8600 and wanted to use the Mgmt interface in order to attach the switch to the network to be able to configure it with interference of the general configuration affecting the network.

The switch is currently running version 6.3.2.0

I can add an IP address to the Mgmt interface and reach the switch OK, SSH, use the EDM etc if I directly connect to it.

I found though that when I was adding VLANs / Subnets to the Globalrouter it kicked back an issue saying the IP address was already in use, which was one configured on the Mgmt interface?

The Mgmt interface is in its own Mgmt VRF, in which case I would not expect it clash?

In addition, to use the Mgmt interface I configured a default route and applied it to the Mgmt VRF, but subsequently been advised to be careful with this as it will put in the Global routing table and thereby effect general routing.

So my question is that it would be my exception the Mgmt interface being in a different VRF should have its own completely separate routing table, thereby there should be no cross-over?

I may have my understanding wrong, but wondered if someone would be able to explain. Maybe describe how I could use the Mgmt interface as an out-of-band interface with a default route to allow access to any network.

Many thanks in advance

1 ACCEPTED SOLUTION

Ludovico_Steven
Extreme Employee

The MgmtRouter  VRF and GlobalRouter VRFs are separated and you cannot get traffic between them.

However the CPU on the VSP8600 itself, uses IP routes (from MgmtRouter & GlobalRouter) to decide which way to go when it generates a mgmt packets (SNMP, SSH, etc) or responds to one. Which is why the recommendation is to use a completely different IP subnet for the OOB network (and the MgmtRouter IP cannot be within an already existing local IP subnet in GlobalRouter)  and never to put a default route on the mgmt OOB IP.

If you place a default route on the Mgmt VRF, you risk seeing the switch reply to SNMP requests it received from GlobalRouter VRF on the Mgmt VRF, which can lead to some odd results.

This behaviour will go away in VOSS8.2 with the new Segmented mgmt interface and then you will get what you were expecting. However the Segmented mgmt interface for VSP8600 is not currently committed and is only plan of intent for a later release.

View solution in original post

3 REPLIES 3

PeterK
Contributor III

I’ve a similar issue.

I’ve 2 VSP7400 connected via dedicated IP-Net on OOB-Interface to existing core.

I’m currently on migration of L2 and L3 services.

When create the IP-Interface on VSP where my Jumpserver is connected on the old core, I can’t access the VSP anymore via OOB-Interface.

 

In EXOS I never had such issues.

 

Is there a way to create a workaround to solve my behavior?

I need to create every IP-Interface from old core on the VSP except the dedicated transfer-net between old-core and VSP-OOB.

Anonymous
Not applicable

Thanks for the detailed answer Ludovico.

Ludovico_Steven
Extreme Employee

The MgmtRouter  VRF and GlobalRouter VRFs are separated and you cannot get traffic between them.

However the CPU on the VSP8600 itself, uses IP routes (from MgmtRouter & GlobalRouter) to decide which way to go when it generates a mgmt packets (SNMP, SSH, etc) or responds to one. Which is why the recommendation is to use a completely different IP subnet for the OOB network (and the MgmtRouter IP cannot be within an already existing local IP subnet in GlobalRouter)  and never to put a default route on the mgmt OOB IP.

If you place a default route on the Mgmt VRF, you risk seeing the switch reply to SNMP requests it received from GlobalRouter VRF on the Mgmt VRF, which can lead to some odd results.

This behaviour will go away in VOSS8.2 with the new Segmented mgmt interface and then you will get what you were expecting. However the Segmented mgmt interface for VSP8600 is not currently committed and is only plan of intent for a later release.

GTM-P2G8KFN