[c-nsp] MPLS VPN Question about PE-CE - Private or Public IP?
Tim Franklin
tim at pelican.org
Tue Aug 26 05:35:17 EDT 2008
On Thu, August 21, 2008 12:59 am, Brandon Price wrote:
> Other than just saying "its bad" can you give some specifics as to the
> problems you've run into using private addresses for PE-CE links? As
> long as the SP hands out unique addresses across all of the links, what
> does it matter whether they are "private" or "public" ?
Customers using *all* of RFC1918 space (or at least claiming they do).
e.g. if you have WAN links as /30s out of 10.11.12.0/24, and the customer
has that range on a LAN somewhere, each site will be unable to reach the
particular hosts on it's WAN /30. (At least - if you're redistributing
WAN routes into BGP / MBGP, the lack of visibility gets worse).
You end up wasting a lot of time negotiating with customers to try and
find an acceptable range, hacking exceptions into your network and
processes to get around the fact you're having to allocate WANs from
something other than your normal block - assuming you can get that far at
all. I've dealt with the occasional customer loudly and fairly
aggressively insisting that RFC1918 space is entirely theirs, we may not
use any of it, fix our service now, incoming lawyers, etc.
If you then end up with public WAN addresses an exception only, you give
yourself more pain in trying to document sufficiently that your support
guys six months down the line don't assume that "it must be an Internet
service, it's public addresses" and do something unpleasent to it, like
remove the VRF.
Regards,
Tim.
More information about the cisco-nsp
mailing list