[c-nsp] MPLS VPN Question about PE-CE - Private or Public IP?
David Granzer
dgranzer at gmail.com
Wed Aug 20 04:13:44 EDT 2008
Hello Andy,
I'm not sure if there exist something like best practice for using private or
public IP's between PE-CE. I think it's more depend on your own design and
what you want to use.
You can use private IP's and 'save' your public IP space, but then you can
find case (maybe) when you will overlap with private IP's used in customer
network.
I guess that public IP's have the same security in MPLS VPN enviroment
because they are not accessible from the global routing table, so they don't
exist for public internet.
Regards,
David
On 8/20/08, Andy Saykao <andy.saykao at staff.netspace.net.au> wrote:
> Just wondering from those in the know, whether it's best practice to
> implement public or private IP's for the PE-to-CE link. What's everyone
> using and why?
> For our MPLS network, I've been asked by my Manager to use private IP's
> for the PE-CE link in order to give the customer the appearance that
> they are on a secure PRIVATE network due to private IP's being used.
> Although I tend to be more fond of using public IP's because it's a
> unique address space so you don't have to worry about overlapping IP
> addresses on the customer's end and secondly there's no configuration
> from the Service Provider's end should you need to remove the connection
> from the VRF to conduct further testing from the Internet becuse the
> connection is already using public IP's (eg: for cases where the
> customer is complaining of slow speeds, packet loss, drop outs, etc and
> you want to test the individual connection and bypass their VPN).
>
> Thanks.
>
> Andy
>
> This email and any files transmitted with it are confidential and intended
> solely for the use of the individual or entity to whom they are addressed.
> Please notify the sender immediately by email if you have received this
> email by mistake and delete this email from your system. Please note that
> any views or opinions presented in this email are solely those of the
> author and do not necessarily represent those of the organisation.
> Finally, the recipient should check this email and any attachments for
> the presence of viruses. The organisation accepts no liability for any
> damage caused by any virus transmitted by this email.
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
More information about the cisco-nsp
mailing list