[c-nsp] Private IP in SP Core

Gert Doering gert at greenie.muc.de
Mon Mar 11 07:15:56 EDT 2013


Hi,

On Mon, Mar 11, 2013 at 12:54:25PM +0200, Saku Ytti wrote:
> On (2013-03-11 11:43 +0100), Gert Doering wrote:
> 
> > What we're currently not so good at is "protect the PE-CE link" - the
> 
> We've solved this by not announcing the PE address of PE-CE. Occasionally
> we need to announce the CE address, maybe for management purposes, maybe
> for something else. Then we create a more specific /32 static route to the
> interface.

In our case, the "CE" might be "a /27 connected right to the PE"...

So yes, I can see this work out if you always have a transit network
to a dedicated CE device and "all customer stuff lives behind that", but
well, doesn't work out like this here...  so we rely on CoPP and service
ACLs on the PE routers.

gert

-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de