[c-nsp] Blackholing looped traffic

Tim Franklin tim at colt.net
Tue Aug 30 10:25:27 EDT 2005


> What I'm completely uncertain about is, would allowing this type of hack
> really be beneficial, or would it encourage more people to poor
> design. Then again, it's not like it would be the only feature that's
> there just due to poor (as in not good but also as in ultra low-budget)
> design :)

What's your thought as to what *is* a good design for this case?  (Hub and
spoke VPN, spokes must not be allowed to communicate with each other, spokes
must have a default route towards the hub (for Internet or other reason))

I've struggled with it on a couple of occasions, and can't come up with
anything that doesn't degenerate into hacks at some point - either ACLs, or
a plethora of VRFs and leakiness.

Regards,
Tim.

-- 
____________   Tim Franklin                 e: tim at colt.net 
\C/\O/\L/\T/   Product Engineering Manager  w: www.colt.net 
 V  V  V  V    Managed Data Services        t: +44 20 7863 5714 
Data | Voice | Managed Services             f: +44 20 7863 5876  



