[c-nsp] Hiding a Cisco Router from a Traceroute
Saku Ytti
saku+cisco-nsp at ytti.fi
Thu Oct 20 13:09:47 EDT 2005
On (2005-10-20 18:47 +0200), Gordon Bezzina wrote:
> I do not know if this is possible with an ACL, but I would like to hide my
> network topology from the internet.
With ACL people doing traceroute will notice that there is node there,
but they will not know it's IP.
With MPLS you can hide all your core routers (routers that only
have your routers as adjacent routers).
> Eg. trace to c.c.c.c
>
> 1 a.a.a.a
> 2 b.b.b.b
> 3 c.c.c.c
>
> Assume that c.c.c.c is final client whilst b.b.b.b is my border router and
> a.a.a.a and before is from the Internet. Now I want to set up an ACL that
> hides from b onwards. Excuse my ignorance, but I cannot find a clean way to
> do it. Obviously, I still want my client to be able to perform pings and
> tracroutes to the external world.
>
> Thanks/Regards
> Gordon Bezzina
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
--
++ytti
More information about the cisco-nsp
mailing list