I'm currently working on a design and am looking for some opinions born of recent experience, whether good or bad.
What are your thoughts about connecting management gear to the core vs a "management" vrf?
In my last deployment/buildout a few years ago, there were several issues with use of mgmt vrfs such as no support for tacacs servers in the vrf. And snmp, if I recall correctly, was broken. Booting/upgrading code from rommon was not possible via vrf'd interface.
I understand that snmp is now vrf aware, but from your experience, how real are these other concerns? Are there other issues with one approach versus the other?
if you are talking about managing the actual core devices i.e. P/PE routers then you should be managing them via some sort of DCN network via the routers management port. If your talking about managing CE devices then you should be managing those devices via a management vrf where you leak in the loopback of the CE to the management vrf.
Understood and agreed. I suppose I muddied the question when I mentioned snmp. P/PE are my concern here. Many devices in this network do not have physical management ports beyond the totally oob console/aux. Long story short, customer has never historically been a carrier, and ordered enterprise type equipment on Cisco's advice prior to my involvement. So I'll be carving out VCs and landing them either on core or vrf'd interfaces. My question is where to attach the DCN.
So if I understand the implications, if there are no mgmt ports on P/PE, then core connectivity is still the way to go. Do all the limitations I mentioned still exist?