[c-nsp] RFC 1918 on loopback?

nachocheeze at gmail.com nachocheeze at gmail.com
Tue Jan 15 11:20:40 EST 2008


We tend to design our networks based on an idea outlined somewhat in
this thread:

http://marc.info/?l=cisco-nsp&m=113016470017015&w=2

"Implementing private IP addresses on links between your routers
violates RFC1918 unless you implement filters on your borders.
You still originate the ICMPs and they still reach the sources
(unless filtered). This is a very bad idea."

As such, the current network I'm dealing with (campus enterprise, not
a service provider) has public IP addresses on all core and
distribution router node interfaces, including the loopback.

There's a security push to move more IPs off public space and onto
RFC 1918 unless there is a justification for a public IP.  I've been
asked if it's possible to move our loopback addresses to private
space, and since currently the only purpose they serve is
for IGP router-id, it seems reasonable (except on our BGP speaking
Internet border routers).

I'm trying to come up with any possible scenario where this would NOT
be a good idea to avoid future headache with anything we might want to
deploy later (such as interdomain multicast). Has anyone ever run into
this and had it bite them later on down the road?
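The quoted warning above is about a symptom that is easy to observe from outside: a router with a private-addressed interface still sources ICMP (time-exceeded, unreachable) from that address, so a remote traceroute shows RFC 1918 hops unless the border filters them. The following is an added example, not code from the original post or thread, that checks a traceroute transcript for exactly that leak. The traceroute text is a constructed sample (documentation prefixes plus two deliberately private hops); the regex assumes the common Linux/BSD traceroute line layout.

```python
import ipaddress
import re

# Constructed sample traceroute output (not from the original post). Hops 3 and 4
# answer from RFC 1918 space, which is what a remote party sees when router links
# or loopbacks carry private addresses and nothing at the border drops them.
SAMPLE_TRACEROUTE = """\
traceroute to 203.0.113.10 (203.0.113.10), 30 hops max, 60 byte packets
 1  192.0.2.1 (192.0.2.1)  0.412 ms  0.380 ms  0.355 ms
 2  198.51.100.9 (198.51.100.9)  1.102 ms  1.090 ms  1.071 ms
 3  10.1.1.2 (10.1.1.2)  2.311 ms  2.290 ms  2.270 ms
 4  172.16.5.1 (172.16.5.1)  2.901 ms  2.880 ms  2.860 ms
 5  * * *
 6  203.0.113.10 (203.0.113.10)  4.012 ms  3.990 ms  3.970 ms
"""

# The three RFC 1918 blocks.
RFC1918 = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]

# Matches " 3  10.1.1.2 (10.1.1.2)  ..." and " 3  host.example (10.1.1.2)  ...";
# lines with only "* * *" timeouts and the header line do not match.
HOP_RE = re.compile(r"^\s*(\d+)\s+(?:\S+\s+\()?(\d{1,3}(?:\.\d{1,3}){3})\)?")


def is_rfc1918(addr: str) -> bool:
    """True if addr falls inside 10/8, 172.16/12 or 192.168/16."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def private_hops(traceroute_text: str) -> list:
    """Return (hop_number, address) for every hop that answered from RFC 1918 space.

    An empty list means no private-addressed router interface leaked an ICMP
    reply past the border for this path.
    """
    found = []
    for line in traceroute_text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # header line, or a hop that only timed out
        hop, addr = int(m.group(1)), m.group(2)
        if is_rfc1918(addr):
            found.append((hop, addr))
    return found


if __name__ == "__main__":
    for hop, addr in private_hops(SAMPLE_TRACEROUTE):
        print(f"hop {hop}: {addr} is RFC 1918 space (ICMP leaked past the border)")
```

Run against a real traceroute saved to a file (`private_hops(open("trace.txt").read())`) from a vantage point outside the campus: any hit is an interface whose ICMP sourcing is not being filtered at the border, which is the condition the quoted thread calls out.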

