[nsp] /30 over WAN links
Chris Stone, MCSE
cstone at axint.net
Fri Feb 6 14:58:07 EST 2004
Seems to me I saw something not too long about about Sprint (I believe)
using private net address for WAN interfaces like this to combat DoS
attacks. I mostly use public address space (/30's), but have in the past
used private net address and it presents no problems. You just cannot ping,
traceroute, etc to those interfaces from the outside world...
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Roman Volf
Sent: Friday, February 06, 2004 12:34 PM
To: limmer at core.com
Cc: cisco-nsp at puck.nether.net
Subject: Re: [nsp] /30 over WAN links
Does anyone out there use private RFC1918 address for PTP links? Does
this break anything?
Steve Lim wrote:
> Ah good question. And I think the question actually led me to an
> answer to my initial queries.
> I suppose if we think long term, where customers might have changes in
> needs, it would make sense to number the WAN links with /30s. How
> messy would it be, if you began with a /29 or /28 over the WAN, and
> the customer's needs calls for more IPs? Worse, what if we started
> with a /27, and the customer downsized? What's the next move? Renumber
> to a preferred prefix? Sucky. Perhaps routing additional subnets would
> make sense, if you started of with a /29, and needed more. But on the
> converse, renumbering a /29 to a /30 because the customer has no need
> for the extra IPs, isn't the best idea. Especially if DNS and Email
> servers are on those IPs.
> So, I am concluding that if I number the WAN with the most efficient
> subnet (a /30), I now have the option to add or subtract any size
> subnet per static routing. Simple, uncomplicated.
> Many thanks all for the comments.
> Rubens Kuhl Jr. wrote:
>> Any scenario that would require or prefer numbered links nowadays ?
cisco-nsp mailing list cisco-nsp at puck.nether.net
archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp