Hello,
On Thursday, 23 July 2020, Mark Tinka <[email protected]> wrote: > > > On 23/Jul/20 10:43, Lukas Tribus wrote: > > > You just need a route to a HTTP proxy (like tinyproxy) in your FIB, > > just like you already need reachability for monitoring systems, NMS, > > radius servers etc. > > All those monitoring systems live in the IGP, which is in FIB. Same for an on-prem SSM as well as a proxy. > > > > > No default route or full table necessary on any boxes, just IP > > reachability of a single, very simple forwarding proxy. > > Things that call home into the cloud tend to be a bit flaky. Adding a > proxy to that can mix things up quite nicely, and I'd prefer to avoid > that altogether. Yes, as you add variables you add complexity. It seems to me though that a forward proxy that connects two TCP sockets is less complex by an order of magnitude than running a full blown licensing server which probably needs periodic software updates itself just to continue to be able to talk to the mothership ... > > > > - if the Cisco Licensing Cloud suddenly denies valid licenses due to > > temporary technical problems > > I would expect that the SSM server has some grace period during which it > can lose communication with the mothership before starting to become a > threat to local operations. Not having that would be bad design, as the > Internet is well, not infallible. Those with SSM can enlighten us. I'm unsure the SSM has grace periods. The end devices are supposed to have it though, IIRC. > > > > > - if the US gov suddenly imposes sanctions against your country (and > > in the simpliest scenario - you are unable to pay for subscriptions > > because international payments are blocked - this is happening right > > now between RIPE and iranian LIRs) > > Well, this affects you even when you don't have an on-prem SSM server, > then. Yes, like I said, this is common to *all* subscriptions based services. Lukas _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
