[c-nsp] Naming Conventions

james at thehamptonfamily.us
Mon Aug 23 12:17:44 EDT 2004


I too am in the process of developing a standard naming convention, but was
afraid of giving away too much info when using model numbers and port IDs
in names. Am I being too paranoid, or can a hacker who is profiling a
company actually use this info in some way?

James


> On Sun, 22 Aug 2004, Paul Stewart wrote:
>
>> We're a mid-sized ISP and I'm looking at trying to standardize our
>> naming conventions for routers/switches/firewalls.
>>
>> Just looking to see what the "norm" is that makes sense.  Currently we
>> use gw-7513, gw-5513 etc. but this doesn't really make sense nor is it
>> good from a security perspective in my opinion.
>
> You'll probably get lots of different answers to this :-)
>
> I've found it's better to name devices based on what they do, not what
> they are.  That way if you replace that 5513 with a 6513, you don't need
> to change DNS, and potentially other things like monitoring software,
> etc...
>
> I've worked for a mid-size ISP and designed the network device naming
> conventions for them, so I have some experience here.  These are just my
> thoughts.  You may choose to do something completely different.
>
> What I've done in the past is something like this:
>
> core routers
> ------------
> crX.location/pop.state/country.isp.net
>
> I see lots of places use either a general location ID, such as "paix01"
> or something based on telco CLLI codes, like "nycmny" for New York
> City (Manhattan).
>
> example:
> cr1.paix01.ca.isp.net
>
> This would normally point to the primary loopback interface on the
> device.  Specific interfaces could be identified in much the same way:
>
> p1-0-0.cr1.paix01.ca.isp.net
> t3-2-0-0.cr1.paix01.ca.isp.net
>
> customer attach/access routers
> ------------------------------
> arX.same-format-as-above
>
> Specific interfaces could be identified the same way.  Interfaces with
> sub-interfaces (frame relay, ATM, 802.1q ethernet trunks, etc) could
> also be identified the same way
>
> t1-1-2-1-24.ar1.paix01.ca.isp.net
> s2-0-17-0.ar1.paix01.ca.isp.net
> a2-0-1-305.ar2.paix01.ca.isp.net
>
> core switches
> -------------
> csX.same-format-as-above
>
> If your switches are doing any layer 3 routing, you can label specific
> interfaces
>
> g5-1.cs1.paix01.ca.isp.net
> f2-48.cs2.paix01.ca.isp.net
>
> distribution/access switches
> ----------------------------
> asX.same-format-as-above
>
> firewalls
> ---------
> fwX.same-format-as-above
>
> specific interfaces would depend on your firewall's interface naming
> standards, e.g. ethernet0,1,2.... for Cisco PIXes, etc.  I'd recommend
> that rather than using things like "dmz1" or "outside0" because that can
> reveal more than you want about your network architecture.
>
> jms
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
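
An added example, not part of either post: a small Python linter for a list of DNS names that checks each one against the role/location scheme quoted above and flags the two kinds of leakage the thread raises, model numbers and firewall zone words. The function name `audit` and the four-digit model-number heuristic are assumptions made for this illustration.

```python
import re

# Role prefixes taken from the quoted convention: cr, ar, cs, as, fw.
ROLES = ("cr", "ar", "cs", "as", "fw")

# [iface.]<role><n>.<location>.<state>.<domain>, e.g. p1-0-0.cr1.paix01.ca.isp.net
NAME_RE = re.compile(
    r"^(?:(?P<iface>[a-z]+\d+(?:-\d+)*)\.)?"
    r"(?P<role>" + "|".join(ROLES) + r")(?P<index>\d+)\."
    r"(?P<location>[a-z0-9]+)\.(?P<state>[a-z]{2})\."
    r"(?P<domain>[a-z0-9-]+(?:\.[a-z0-9-]+)+)$"
)

# Zone words the post warns about on firewall interfaces.
ZONE_RE = re.compile(r"dmz|outside")
# Assumption: a standalone four-digit run (7513, 5513, 6513) is a model number.
MODEL_RE = re.compile(r"(?<!\d)\d{4}(?!\d)")


def audit(fqdn):
    """Return a list of findings for one hostname; an empty list means clean."""
    name = fqdn.strip().lower().rstrip(".")
    findings = []
    m = NAME_RE.match(name)
    if m is None:
        findings.append("does not follow [iface.]<role><n>.<location>.<state>.<domain>")
    for word in ZONE_RE.findall(name):
        findings.append(f"zone word '{word}' reveals network architecture")
    # Digits in a parsed interface label are slot/port/channel numbers, so skip it.
    rest = name[len(m.group("iface")) + 1:] if m and m.group("iface") else name
    for number in MODEL_RE.findall(rest):
        findings.append(f"'{number}' looks like a hardware model number")
    return findings


if __name__ == "__main__":
    # Hostnames built from the examples that appear in the thread.
    for host in ("gw-7513.isp.net", "cr1.paix01.ca.isp.net",
                 "t1-1-2-1-24.ar1.paix01.ca.isp.net",
                 "dmz1.fw1.paix01.ca.isp.net", "ethernet0.fw1.paix01.ca.isp.net"):
        print(host, "->", audit(host) or "ok")
```

Run over an export of the forward zone, this gives a quick list of names that still carry hardware or zone details after a renaming effort.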




