[c-nsp] Blackholing looped traffic
Tim Franklin
tim at colt.net
Tue Aug 30 10:25:27 EDT 2005
> What I'm completely uncertain about is, would allowing this type of hack
> really be beneficial, or would it encourage more people to poor
> design. Then again, it's not like it would be the only feature that's
> there just due to poor (as in not good but also as in ultra
> low-budget) design :)

What's your thought as to what *is* a good design for this case? (Hub and
spoke VPN, spokes must not be allowed to communicate with each other, spokes
must have a default route towards the hub (for Internet or other reason))

I've struggled with it on a couple of occasions, and can't come up with
anything that doesn't degenerate into hacks at some point - either ACLs, or
a plethora of VRFs and leakiness.

Regards,
Tim.
--
____________ Tim Franklin e: tim at colt.net
\C/\O/\L/\T/ Product Engineering Manager w: www.colt.net
V V V V Managed Data Services t: +44 20 7863 5714
Data | Voice | Managed Services f: +44 20 7863 5876