Re: [nsp] Re: Router tunneling?!

From: Charley Kline (kline@uiuc.edu)
Date: Fri Mar 13 1998 - 13:54:06 EST


> jlixfeld@idirect.ca writes:
> > He have a 7206 doing EVERYTHING. OSPF, Static, E/iBGP and firewalling.
> > I'm kicking my boss to get another router and leave the 7206 as a border
> > router and get a 7505 or 7507 as an internal core router. He is concerned
> > with physical hops as customers hate to see hops.
>
> "huh"???????

It's true though, customers have actually abandoned the ISP I consult
for to competitors, based purely on the number of hops traceroute shows
to their favorite web sites. Of course this makes no sense, but this is
why the guy that runs the ISP calls his customers "low-lifes".

> > Is it worth while?
>
> I'd say it is almost certainly NOT worthwhile.

What might work instead is to simply put in an access list to block the
ICMP TTL EXCEEDED messages from coming back into your net. That will
quite effectively break traceroute. If customers complain, tell them
it's being done for security reasons and you're just trying to protect
your customers. :)

Obviously we all know that the number of router hops is not the issue.
This is what you should really be telling your boss. Don't let customer
service and marketing get in the way of good network design. Well, not
for the wrong reasons, anyway.

/cvk
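
The filter suggested above, modelled as an added example (not part of the original message): it assumes a classic UDP traceroute, drops only ICMP type 11 code 0, and uses constructed documentation addresses. It shows the transit hops timing out while the target's port-unreachable reply and path-MTU messages still pass.

```python
import struct

UNREACHABLE, TIME_EXCEEDED = 3, 11      # ICMP types (RFC 792)
PORT_UNREACH, FRAG_NEEDED = 3, 4        # codes of type 3
TTL_IN_TRANSIT = 0                      # code of type 11 sent by transit routers

def icmp(icmp_type, code):
    """Constructed 8-byte ICMP header: type, code, checksum (zeroed), unused."""
    return struct.pack("!BBHI", icmp_type, code, 0, 0)

def permitted_inbound(packet):
    """Model of the access list: drop TTL-exceeded, pass all other ICMP."""
    if len(packet) < 8:
        return False                    # truncated header: drop
    icmp_type, code = struct.unpack("!BB", packet[:2])
    return not (icmp_type == TIME_EXCEEDED and code == TTL_IN_TRANSIT)

def traceroute_output(replies):
    """replies: one (responder, packet) pair per TTL, in order.

    Returns the lines the probing host would display once the filter
    has been applied to the ICMP coming back in.
    """
    lines = []
    for ttl, (responder, packet) in enumerate(replies, start=1):
        shown = responder if permitted_inbound(packet) else "* * *"
        lines.append(f"{ttl:2d}  {shown}")
    return lines

# Constructed path: three transit routers, then the target host.
SAMPLE_PATH = [
    ("192.0.2.1", icmp(TIME_EXCEEDED, TTL_IN_TRANSIT)),
    ("198.51.100.9", icmp(TIME_EXCEEDED, TTL_IN_TRANSIT)),
    ("203.0.113.254", icmp(TIME_EXCEEDED, TTL_IN_TRANSIT)),
    ("203.0.113.80", icmp(UNREACHABLE, PORT_UNREACH)),  # UDP probe reached target
]

if __name__ == "__main__":
    print("\n".join(traceroute_output(SAMPLE_PATH)))
```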


