A new feature (finally!) in R80.30 is the ability to enable Management Data Plane Separation, which gives the management interface and all management-related functions (policy installation, SSH, SNMP, syslog, GAIA portal, etc.) their own route table.
Let’s assume the interface “Mgmt” has already been set as the management interface with IP address 192.168.1.100 and needs default gateway 192.168.1.1, and “eth5” has been set up as the dedicated sync interface:
    set mdps mgmt plane on
    set mdps mgmt resource on
    set mdps interface Mgmt management on
    set mdps interface eth5 sync on
    add mdps route 0.0.0.0/0 nexthop 192.168.1.1
    save config
    reboot
After the box comes up, you can verify that the management route has been set by going into expert mode and running the “mplane” command to enter the management plane:
    > expert
    [Expert@MyCheckPoint:0]# mplane
    Context set to Management Plane
    [Expert@MyCheckPoint:1]# netstat -rn
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    169.254.0.0     0.0.0.0         255.255.255.252 U         0 0          0 eth5
    192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 Mgmt
    0.0.0.0         192.168.1.1     0.0.0.0         UGD       0 0          0 Mgmt
Routes from the main route table relating to management can then be deleted, which makes the data plane route table much cleaner:
    [Expert@MyCheckpoint:1]# dplane
    Context set to Data Plane
    [Expert@MyCheckPoint:0]# netstat -rn
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    203.0.113.32    0.0.0.0         255.255.255.224 U         0 0          0 bond1.11
    192.168.222.0   0.0.0.0         255.255.255.0   U         0 0          0 bond1.22
    0.0.0.0         203.0.113.33    0.0.0.0         UGD       0 0          0 bond1.11
    192.168.0.0     192.168.222.1   255.255.0.0     UGD       0 0          0 bond1.22
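To check the separation rather than eyeball it, the two routing tables can be audited by script. The following is an added example, not part of the original post or any Check Point tooling: it parses `netstat -rn` text and flags any route that leaves through an interface outside the set expected for that plane. The function names are hypothetical, and the sample tables and interface names are the ones shown above.

```sh
#!/bin/sh
# Added example: audit `netstat -rn` text captured in each plane.

# routes_outside_ifaces "<allowed interfaces, space separated>"
# Reads a routing table on stdin, prints every route whose egress
# interface is not in the allowed list, and returns 1 if any was found.
routes_outside_ifaces() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # Route rows have 8 columns and start with a dotted-quad destination.
        NF == 8 && $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            if (!($8 in ok)) { print $1 "/" $3 " via " $2 " dev " $8; bad = 1 }
        }
        END { exit bad + 0 }'
}

# default_gateway: prints the gateway of the 0.0.0.0/0.0.0.0 route, if any.
default_gateway() {
    awk 'NF == 8 && $1 == "0.0.0.0" && $3 == "0.0.0.0" { print $2 }'
}

# Sample tables copied from the output shown in this post.
MPLANE_TABLE='Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
169.254.0.0 0.0.0.0 255.255.255.252 U 0 0 0 eth5
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 Mgmt
0.0.0.0 192.168.1.1 0.0.0.0 UGD 0 0 0 Mgmt'

DPLANE_TABLE='Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
203.0.113.32 0.0.0.0 255.255.255.224 U 0 0 0 bond1.11
192.168.222.0 0.0.0.0 255.255.255.0 U 0 0 0 bond1.22
0.0.0.0 203.0.113.33 0.0.0.0 UGD 0 0 0 bond1.11
192.168.0.0 192.168.222.1 255.255.0.0 UGD 0 0 0 bond1.22'

# audit_planes: returns 0 only if both tables match the intended split.
audit_planes() {
    rc=0
    # Management plane: only Mgmt and the sync interface, gateway 192.168.1.1.
    printf '%s\n' "$MPLANE_TABLE" | routes_outside_ifaces "Mgmt eth5" || rc=1
    [ "$(printf '%s\n' "$MPLANE_TABLE" | default_gateway)" = "192.168.1.1" ] || rc=1
    # Data plane: nothing may egress via Mgmt or eth5 (allow data VLANs only).
    printf '%s\n' "$DPLANE_TABLE" | routes_outside_ifaces "bond1.11 bond1.22" || rc=1
    return "$rc"
}

audit_planes && echo "plane separation OK"
```

On a gateway, replace the sample tables with the `netstat -rn` output captured after `mplane` and after `dplane`.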