The Segmented Management Instance provides support for management interfaces that transmit and receive packets directly to and from the system native Linux IP stack. Unlike a traditional management interface, for example, a CLIP in the GRT that is part of the networking IP stack, Segmented Management Instance interfaces do not route packets through the networking IP stack.
The following management applications use the Segmented Management Instance directly to transmit or receive packets with segmented management interfaces and addresses.
Note
The VSP 8600 Series only supports Ping, Traceroute, and NTPv4.
|
Segmented Management Instance Applications and Protocols |
Client |
Server |
IPv4 |
IPv6 |
|---|---|---|---|---|
|
Digital Certificates |
Yes |
Yes |
||
|
DHCP Client |
Yes |
Yes |
||
|
DNS |
Yes |
Yes |
Yes |
|
|
FTP |
Yes |
Yes |
Yes |
Yes |
|
HTTP/HTTPS |
Yes |
Yes |
Yes |
|
|
IQAgent |
Yes |
Yes |
||
|
NTPv4 |
Yes |
Yes |
Yes |
Yes |
|
OVSDB protocol support for VXLAN Gateway |
Yes |
Yes |
Yes |
|
|
Ping |
Yes |
Yes |
Yes |
Yes |
|
RADIUS |
Yes |
Yes |
Yes |
|
|
RADIUS Security (RADSec) |
Yes |
Yes |
Yes |
|
|
Representational State Transfer Configuration Protocol (RESTCONF) |
Yes |
Yes |
||
|
SSH/SCP/SFTP |
Yes (SSH only) |
Yes |
Yes |
Yes |
|
Syslog |
Yes |
Yes |
Yes |
|
|
TACACS+ |
Yes |
Yes |
||
|
Telnet |
Yes |
Yes |
Yes |
Yes |
|
TFTP |
Yes |
Yes |
Yes |
Yes |
|
Traceroute |
Yes |
Yes |
Yes |
Yes |
The following management applications do not use the Segmented Management Instance to transmit or receive packets, but can integrate with segmented management interfaces and addresses.
|
Applications and Protocols |
IPv4 |
IPv6 |
|---|---|---|
|
Application Telemetry |
Yes | Yes |
|
IPFIX |
Yes |
|
|
Link Layer Discovery Protocol (LLDP) |
Yes |
Yes |
|
SynOptics Network Management Protocol (SONMP) |
Yes |
|
|
sFlow |
Yes |
|
|
Remote Network Monitoring version 2 (RMON2) |
Yes |
Note
NTPv3
Remote Login (rlogin)
Remote Shell (RSH)
Management applications that use UDP, such as TFTP, RADIUS dynamic server, or SNMP can have restrictions when multiple Segmented Management Instances are configured with overlapping or asymmetrical routing.
Note
The restrictions listed do not apply to TCP applications or if a single Management Instance is configured.
Asymmetrical routing can occur in any of the following scenarios. For the first two scenarios you can use the OOB or VLAN Management Instance IP address instead of the CLIP Management Instance IP address. Use FTP or SCP file transfer as an alternative as those protocols are TCP based.
In the third scenario, you can configure more specific static routes for networks originating UDP client communication to the OOB or VLAN Management Instance IP address if the CLIP Management Instance is also configured.
Client communication to the CLIP Management Instance IP address is from the same subnet as the VLAN Management Instance.
Client communication to the CLIP Management Instance IP address when specific static routes or default route with higher preference back to the client network exist on OOB Management Instance or VLAN Management Instance.
Client communication to the OOB Management Instance IP address or VLAN Management Instance IP address that relies on a default route with a lower preference than the internal default route used by the CLIP Management Instance.
Client communication to the CLIP Management Instance IP address is from the same subnet as the OOB Management Instance (even if the OOB port is down).