Re: [nsp] Re: Router tunneling?!

From: Danny McPherson (danny@genuity.net)
Date: Fri Mar 13 1998 - 14:49:13 EST


> What might work instead is to simply put in an access list to block the
> ICMP TTL EXCEEDED messages from coming back into your net. That will
> quite effectively break traceroute. If customers complain, tell them
> it's being done for security reasons and you're just trying to protect
> your customers. :)

And effectively re-introduce some of the same performance as those associated
with GRE tunneling (i.e., fast-switching .. at best).

> Obviously we all know that the number of router hops is not the issue.
> This is what you should really be telling your boss. Don't let customer
> service and marketing get in the way of good network design. Well, not
> for the wrong reasons, anyway.

Agreed.

-danny


