On Wed, 13 Feb 2002, jerry scharf wrote:
> This is why there are switches (using vlans if you choose) and router interfaces. Unless you are taking an OC3's worth of management traffic, you create a net just for your management traffic, put it on an interface and hang your entire site's snmp gear off of that. If you want it to be private, GRE and 1918 addresses are your friends, and filter to allow only traffic from those nets. None of this is new or hard.

Nice theory, but in practice it's a little ickier than you make it sound. Consider most people on this list deal with networks (not just single sites) spanning multiple states or countries. Not everyone can afford to build both a backbone and a separate management WAN.

Putting management in 1918 space is ok at one location, but gets tricky on a large network. Do we then also buy/maintain VPN hardware to connect all the various 1918 management networks to the NOC? This actually might be an interesting use for MPLS VPN for those networks where all the core gear supports it, but a totally separate management WAN is cost prohibitive.

--
----------------------------------------------------------------------
 Jon Lewis *jlewis@lewis.org*|  I route
 System Administrator        |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________