How to Choose an Interface for Remote Management of Junos Devices
To manage the Junos OS without being physically present, your fundamental requirement is to create an interface through which you can communicate. Although you may think the question is which interface to use, the question is actually which interface can you use.
You have a couple of choices, depending on how you want to manage your networked devices. Of course, you have choices depending on your management requirements and the type of device you’re using.
Making these choices boils down to answering two decisions: determining whether you want to use your network-facing in-band interfaces or a specialized management interface (out-of-band management), and determining whether you need to access the router with root permissions (in-band management). To make the decision, you need to know the differences between the two options.
Out-of-band management: Identifies remote management through a network that is separate from the traffic-carrying network on which the device is deployed. Put simply, out-of-band management uses an interface that carries only management traffic, whereas the other interfaces on the router carry LAN/WAN traffic.
In-band management: Is remote management where one of the LAN/WAN interfaces is used to manage the router. That is to say that you use the network to carry both network traffic and management traffic across the same links.
Generally speaking, most Junos OS administrators find it safer and more reliable to separate the traffic-bearing network from the management network, because when you have network issues, you want to guarantee access to your devices. Using the troubled network to resolve those issues makes you vulnerable. If you can’t access the device during these times, your ability to remotely troubleshoot — and ultimately resolve — problems can be compromised.
On the other hand, smaller organizations may not have the resources to construct what amounts to a second network to manage the first.
The ports on any device are prime real estate, like USB ports on a PC. Using up one of those ports to handle management traffic reduces the ports available for network traffic. A device with only a few ports or one whose ports are all in use can become an issue.
Using in-band management can be a budget issue, because the benefits of an out-of-band management network come with a corresponding cost. It’s expensive (sometimes prohibitively so) to have a separate network infrastructure to handle only management traffic. Such a management network requires the deployment of terminal servers and switches to pass management traffic, and those devices incur their own set of support costs, in terms of both dollars and personnel.
The decision between out-of-band and in-band management is really one of cost: Do you have the resources to set up and maintain a separate management network? If you do, use the out-of-band approach to remote management. If you don’t, in-band is the only other option.
After you make the decision about your remote management interface, you need to wire up your device and then configure the management interface.