[nsp] /30 over WAN links

Chris Stone, MCSE cstone at axint.net
Fri Feb 6 14:58:07 EST 2004


 Seems to me I saw something not too long about about Sprint (I believe)
using private net address for WAN interfaces like this to combat DoS
attacks. I mostly use public address space (/30's), but have in the past
used private net address and it presents no problems. You just cannot ping,
traceroute, etc to those interfaces from the outside world...

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Roman Volf
Sent: Friday, February 06, 2004 12:34 PM
To: limmer at core.com
Cc: cisco-nsp at puck.nether.net
Subject: Re: [nsp] /30 over WAN links

Does anyone out there use private RFC1918 address for PTP links? Does 
this break anything?


Roman

Steve Lim wrote:

> Ah good question. And I think the question actually led me to an 
> answer to my initial queries.
>
> I suppose if we think long term, where customers might have changes in 
> needs, it would make sense to number the WAN links with /30s. How 
> messy would it be, if you began with a /29 or /28 over the WAN, and 
> the customer's needs calls for more IPs? Worse, what if we started 
> with a /27, and the customer downsized? What's the next move? Renumber 
> to a preferred prefix? Sucky. Perhaps routing additional subnets would 
> make sense, if you started of with a /29, and needed more. But on the 
> converse, renumbering a /29 to a /30 because the customer has no need 
> for the extra IPs, isn't the best idea. Especially if DNS and Email 
> servers are on those IPs.
>
> So, I am concluding that if I number the WAN with the most efficient 
> subnet (a /30), I now have the option to add or subtract any size 
> subnet per static routing. Simple, uncomplicated.
>
>
> Many thanks all for the comments.
>
> SL
>
> Rubens Kuhl Jr. wrote:
>
>> Any scenario that would require or prefer numbered links nowadays ?
>>
>>
>> Rubens
>>
>
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list