| Feature | Product | Release introduced |
|---|---|---|
| Segmented Management Instance - Management Interface CLIP | 5320 Series | Fabric Engine 8.6 |
| | 5420 Series | VOSS 8.4 |
| | 5520 Series | VOSS 8.2.5 |
| Segmented Management Instance - Management Interface OOB | 5320 Series | Not Applicable |
| | 5420 Series | VOSS 8.4 |
| | 5520 Series | VOSS 8.2.5 |
| Segmented Management Instance - Management Interface VLAN | 5320 Series | Fabric Engine 8.6 |
| | 5420 Series | VOSS 8.4 |
| | 5520 Series | VOSS 8.2.5 |
| Segmented Management Instance — ability to migrate VLAN or loopback IP address | 5320 Series | Not Applicable |
| | 5420 Series | Not Applicable |
| | 5520 Series | Not Applicable |
| Segmented Management Instance — DHCP Client for Management Interface OOB or Management Interface VLAN | 5320 Series | Fabric Engine 8.6 (OOB not supported) |
| | 5420 Series | VOSS 8.4 |
| | 5520 Series | VOSS 8.2.5 |

A Management Instance is required to provide access to specific management applications.
With Segmented Management, the Management plane (management protocols) is separated from the Control Plane (routing plane) from a process and data-path perspective. Segmented Management is the only method to manage switches. One or a combination of the following management interface/management instance types can be used:
- Out-of-Band (OOB) management IP address (IPv4 and IPv6)
- In-band Loopback/circuitless IP (CLIP) management IP address (IPv4 and IPv6)
- In-band management VLAN IP address (IPv4 and IPv6)
Important
The Segmented Management Instance provides support for management interfaces that transmit and receive packets directly to and from the system native Linux IP stack. Unlike a traditional management interface, for example, a CLIP in the GRT that is part of the OS networking IP stack, Segmented Management Instance interfaces do not route packets through the OS networking IP stack.
Segmented Management provides better security because you cannot reach the management instance from outside the VRF (in the case of CLIP) or outside the VLAN/I-SID (in the case of a management VLAN), and because it has a built-in firewall for the management plane. Management traffic originating from and terminating on the switch is also more predictable, with symmetric traffic flows, for instance:
- Sessions originated from the switch (client mode) - Source IP of packets is determined based on Management IP stack routing table weights (configurable).
- Sessions connecting to the switch (server mode) - Source IP is derived from the session connection and the reply will go out on management interface packet.