[nsp] /30 over WAN links

Bulger, Tim TBulger at ea.com
Fri Feb 6 16:39:36 EST 2004


I believe they are using public address space that is globally
advertised, but not routing it in their IGP.  Has the effect of not
breaking traceroute or PMTUd but prevents the routers from being
targetted in a DOS.

Regards,
Tim

-----Original Message-----
From: Chris Stone, MCSE [mailto:cstone at axint.net] 
Sent: Friday, February 06, 2004 11:58 AM
To: cisco-nsp at puck.nether.net
Subject: RE: [nsp] /30 over WAN links


 Seems to me I saw something not too long about about Sprint (I believe)
using private net address for WAN interfaces like this to combat DoS
attacks. I mostly use public address space (/30's), but have in the past
used private net address and it presents no problems. You just cannot
ping, traceroute, etc to those interfaces from the outside world...

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Roman Volf
Sent: Friday, February 06, 2004 12:34 PM
To: limmer at core.com
Cc: cisco-nsp at puck.nether.net
Subject: Re: [nsp] /30 over WAN links

Does anyone out there use private RFC1918 address for PTP links? Does 
this break anything?


Roman

Steve Lim wrote:

> Ah good question. And I think the question actually led me to an
> answer to my initial queries.
>
> I suppose if we think long term, where customers might have changes in
> needs, it would make sense to number the WAN links with /30s. How 
> messy would it be, if you began with a /29 or /28 over the WAN, and 
> the customer's needs calls for more IPs? Worse, what if we started 
> with a /27, and the customer downsized? What's the next move? Renumber

> to a preferred prefix? Sucky. Perhaps routing additional subnets would

> make sense, if you started of with a /29, and needed more. But on the 
> converse, renumbering a /29 to a /30 because the customer has no need 
> for the extra IPs, isn't the best idea. Especially if DNS and Email 
> servers are on those IPs.
>
> So, I am concluding that if I number the WAN with the most efficient
> subnet (a /30), I now have the option to add or subtract any size 
> subnet per static routing. Simple, uncomplicated.
>
>
> Many thanks all for the comments.
>
> SL
>
> Rubens Kuhl Jr. wrote:
>
>> Any scenario that would require or prefer numbered links nowadays ?
>>
>>
>> Rubens
>>
>
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/




More information about the cisco-nsp mailing list