nanog mailing list archives

Re: it's here

From: Steve Noble <snoble () sonn com>
Date: Wed, 13 Feb 2002 10:03:42 -0800


On Wed, Feb 13, 2002 at 09:50:16AM -0800, Jake Khuon wrote:


EB> Without control plane seperation (and it's not possible with Cisco,
EB> Juniper, or most other routers out there), management services are
EB> listening on the public network, and that makes this very scary,
EB> regardless of filtering policies, etc.

Huh?  Junipers have the fxp0 interface which can be used for management. 
You're just not supposed to route between the management fxp0 and your
production interfaces.


As do Cisco GSR's.. on their e0 interface.  Same difference.  You can even
enable or disable CEF on it :)

-- 
-------------------------------------------------------------------------------
: Steven Noble / Network Janitor / Be free my soul and leave this world alone :
:   My views = My views != The views of any of my past or present employers   :
-------------------------------------------------------------------------------

Current thread:

Re: it's here, (continued)
- - - Re: it's here Eric Brandwine (Feb 13)
    - Re: it's here jerry scharf (Feb 13)
    - Re: it's here jlewis (Feb 13)
    - Re: it's here William Allen Simpson (Feb 13)
    - Re: it's here Jared Mauch (Feb 13)
    - Re: it's here Jesper Skriver (Feb 13)
    - Re: it's here Eric Brandwine (Feb 13)
    - Re: it's here kevin graham (Feb 13)
    - Re: it's here Jesper Skriver (Feb 13)
    - Re: it's here Jake Khuon (Feb 13)
    - Re: it's here Steve Noble (Feb 13)
    - RE: it's here Tony Hain (Feb 13)
    - Re: it's here Eric Brandwine (Feb 13)
    - Re: it's here Christopher L. Morrow (Feb 13)
    - Re: it's here Ron da Silva (Feb 13)
    - Re: it's here Stephen Sprunk (Feb 14)
    - RE: it's here Deepak Jain (Feb 14)
- RE: it's here Jon Stanley (Feb 13)