NetFlow - path from Routers to Collector
Roland Dobbins
rdobbins at arbor.net
Wed Sep 2 16:11:30 UTC 2015
On 2 Sep 2015, at 22:26, Mark Tinka wrote:
> When the line card congests, it doesn't care that one bit was part of
> a VRF and the other doesn't. It all goes kaboom (even with the best of
> QoS intentions).
You don't necessarily have to put everything on the same fiber,
interface, the same ASIC cluster, the same LC-CPU/-NPU, the same
linecard, etc.
Fat-fingers in the global table or the Internet VRF or whatever won't
cause problems in the management VRF, unless via route-leaking policies
which allow them to do so or the kind of routing-table explosion which
takes down a linecard or the whole box. A hardware casualty or software
fault which takes down a linecard may not take down the whole box. And
so forth.
iACLs are simpler, don't have to be updated so frequently to account for
moves/adds/changes of the management infrastructure. It's easier to
apply QoS policies to reserve bandwidth for telemetry and other
management-plane traffic, etc. And so forth.
All this is highly variable and situationally-specific, but logical
separation of management-plane traffic from production data-plane
traffic is in general desirable, even as it's running on (at least some
of) the same hardware. It isn't as good as true physical separation,
but there's no sense in making the perfect the enemy of the merely good.
-----------------------------------
Roland Dobbins <rdobbins at arbor.net>
More information about the NANOG
mailing list