[c-nsp] MPLS VPN Question about PE-CE - Private or Public IP?

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Wed Aug 20 05:49:59 EDT 2008 

There was actually an attempt to allocate a specific address block for
this purpose (which would be private like 1918-space), but this never
got anywhere.. Take a look at
http://tools.ietf.org/html/draft-guichard-pe-ce-addr-03 for a discussion
about possible options..

	oli

David Granzer <> wrote on Wednesday, August 20, 2008 10:14 AM:

> Hello Andy,
> 
> I'm not sure if there exist something like best practice for using
> private or public IP's between PE-CE. I think it's more depend on
> your own design and what you want to use.
> 
> You can use private IP's and 'save' your public IP space, but then
> you can find case (maybe) when you will overlap with private IP's
> used in customer network.
> 
> I guess that public IP's have the same security in MPLS VPN enviroment
> because they are not accessible from the global routing table, so
> they don't exist for public internet.
> 
> Regards,
> David
> 
> On 8/20/08, Andy Saykao <andy.saykao at staff.netspace.net.au> wrote:
>> Just wondering from those in the know, whether it's best practice to
>>  implement public or private IP's for the PE-to-CE link. What's
>>  everyone  using and why? For our MPLS network, I've been asked by
>>  my Manager to use private IP's for the PE-CE link in order to give
>>  the customer the appearance that they are on a secure PRIVATE
>>  network due to private IP's being used. Although I tend to be more
>>  fond of using public IP's because it's a unique address space so
>>  you don't have to worry about overlapping IP addresses on the
>>  customer's end and secondly there's no configuration from the
>>  Service Provider's end should you need to remove the connection
>>  from the VRF to conduct further testing from the Internet becuse
>>  the connection is already using public IP's  (eg: for cases where
>>  the customer is complaining of slow speeds, packet loss, drop outs,
>> etc and you want to test the individual connection and bypass their
>> VPN).  
>> 
>>  Thanks.
>> 
>>  Andy
>> 
>>  This email and any files transmitted with it are confidential and
>>   intended solely for the use of the individual or entity to whom
>>  they are addressed. Please notify the sender immediately by email
>>  if you have received this email by mistake and delete this email
>>   from your system. Please note that any views or opinions presented
>>   in this email are solely those of the author and do not
>>  necessarily represent those of the organisation. Finally, the
>>  recipient should check this email and any attachments for the
>>  presence of viruses. The organisation accepts no liability for any
>> damage caused by any virus transmitted by this email. 
>> 
>>  _______________________________________________
>>  cisco-nsp mailing list  cisco-nsp at puck.nether.net
>>  https://puck.nether.net/mailman/listinfo/cisco-nsp
>>  archive at http://puck.nether.net/pipermail/cisco-nsp/
>> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list