it's here
jerry scharf
scharf at vix.com
Wed Feb 13 16:38:03 UTC 2002
C'mon guys. Exchange point rate anti-spoof filtering is not necessary to
solve this problem.
This is why there are switches (using vlans if you choose) and router
interfaces. Unless you are taking an OC3's worth of management traffic, you
create a net just for your management traffic, put in on an interface and
hang your entire site's snmp gear off of that. If you want it to be
private, GRE and 1918 addresses are your friends, and filter to allow only
traffic from those nets. None of this is new or hard.
Also, most everyone now supports snmpv3 security, so you can do that as
well. (I just do it the old way I know how, so I haven't played much with
this.)
jerry
More information about the NANOG
mailing list