Re: [nsp] Re: Router tunneling?!

From: Danny McPherson (danny@genuity.net)
Date: Fri Mar 13 1998 - 14:49:13 EST

Next message: jlixfeld@idirect.ca: "Re: [nsp] Re: Router tunneling?!"
Previous message: Charley Kline: "Re: [nsp] Re: Router tunneling?!"
Maybe in reply to: Avi Freedman: "[nsp] Re: Router tunneling?!"
Next in thread: Jim Van Baalen: "Re: [nsp] Router tunneling?!"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]

> What might work instead is to simply put in an access list to block the
> ICMP TTL EXCEEDED messages from coming back into your net. That will
> quite effectively break traceroute. If customers complain, tell them
> it's being done for security reasons and you're just trying to protect
> your customers. :)

And effectively re-introduce some of the same performance as those associated
GRE tunneling (i.e., fast-switching .. at best).

> Obviously we all know that the number of router hops is not the issue.
> This is what you should really be telling your boss. Don't let customer
> service and marketing get in the way of good network design. Well, not
> for the wrong reasons, anyway.

Agreed.

-danny

Next message: jlixfeld@idirect.ca: "Re: [nsp] Re: Router tunneling?!"
Previous message: Charley Kline: "Re: [nsp] Re: Router tunneling?!"
Maybe in reply to: Avi Freedman: "[nsp] Re: Router tunneling?!"
Next in thread: Jim Van Baalen: "Re: [nsp] Router tunneling?!"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:15 EDT