Segmented Management

Table 1. Segmented Management Instance product support

| Feature | Product | Release introduced |
|---|---|---|
| Segmented Management Instance - Management Interface CLIP | 5320 Series | Fabric Engine 8.6 |
| | 5420 Series | VOSS 8.4 |
| | 5520 Series | VOSS 8.2.5 |
| | 5720 Series | Fabric Engine 8.7 |
| Segmented Management Instance - Management Interface OOB | 5320 Series | Not Applicable |
| | 5420 Series | VOSS 8.4 |
| | 5520 Series | VOSS 8.2.5 |
| | 5720 Series | Fabric Engine 8.7 |
| Segmented Management Instance - Management Interface VLAN | 5320 Series | Fabric Engine 8.6 |
| | 5420 Series | VOSS 8.4 |
| | 5520 Series | VOSS 8.2.5 |
| | 5720 Series | Fabric Engine 8.7 |
| Segmented Management Instance — ability to migrate VLAN or loopback IP address | 5320 Series | Fabric Engine 8.6 |
| | 5420 Series | VOSS 8.4 |
| | 5520 Series | VOSS 8.2.5 |
| | 5720 Series | Fabric Engine 8.7 |
| Segmented Management Instance — DHCP Client for Management Interface OOB or Management Interface VLAN | 5320 Series | Fabric Engine 8.6 (OOB not supported) |
| | 5420 Series | VOSS 8.4 |
| | 5520 Series | VOSS 8.2.5 |
| | 5720 Series | Fabric Engine 8.7 |
| Segmented Management Instance — sFlow, Application Telemetry, and IPFIX | 5320 Series | Fabric Engine 8.8 |
| | 5420 Series | Fabric Engine 8.8 |
| | 5520 Series | Fabric Engine 8.8 |
| | 5720 Series | Fabric Engine 8.8 |

A Management Instance is required to provide access to specific management applications.

With Segmented Management, the management plane (management protocols) is separated from the control plane (routing plane) from a process and data-path perspective. Segmented Management is the only method to manage switches. One or a combination of the following management interface/management instance types can be used:

Important

The Segmented Management Instance provides support for management interfaces that transmit and receive packets directly to and from the system's native Linux IP stack. Unlike a traditional management interface (for example, a CLIP in the GRT, which is part of the OS networking IP stack), Segmented Management Instance interfaces do not route packets through the OS networking IP stack.

Segmented Management provides better security because you cannot reach the management instance from outside the VRF (in the case of a CLIP) or from outside the VLAN/I-SID (in the case of a management VLAN), and because it has a built-in firewall for the management plane. Management traffic that originates from and terminates on the switch is also more predictable, with symmetric traffic flows, for instance: