[c-nsp] MLPPP product from the provider point of view
Gert Doering
gert at greenie.muc.de
Wed Mar 12 14:30:07 EDT 2008
Hi,
On Wed, Mar 12, 2008 at 09:07:51AM -0400, Joe Maimon wrote:
> - Is it really necessary to utilize Multilink interfaces on the
> provider side if using a 7200 as opposed to 7500 which seem to only
> require a Virtual-Template?
Multilink interfaces are (for statically configured links) vastly superior
to virtual-template based multilink bundles.
> - In theory, one virtual template can be used for all mlppp customers,
> as they will establish separate bundles with their endpoint
> discriminators, correct?
Yes.
> - It's not necessary to embed interface ip on the virtual template, ip
> unnumbered loopback works just fine, is this a common approach?
Having the same interface IP on independent bundles usually causes great
pain for IOS, so "ip unnumbered" would be strongly recommended.
> - Using ip unnumbered loopback on the customer side in its multilink
> interface results in the customer ppp ipcp negotiation assigning the
> customer loopback ip to its ppp session. Is this a common approach? Is
> it secure?
How do you protect against a customer claiming "I have the IP address
of your nameserver?".
If the other end is not under your control, this is about as insecure as
permitting the other end to speak OSPF to you. Never ever permit the
customer router to inject routes into your system.
Use multilink interfaces and static routes pointing to these.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
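
The check implied by the reply above, as an added example that is not part of the original post: compare the address each PPP peer claimed during IPCP against what the provider actually allocated to that bundle, and flag any claim that lands in protected infrastructure space. All bundle names, addresses and prefixes are constructed documentation-range values, and the session list is assumed to come from the provider's own inventory rather than from any specific IOS output format.

```python
import ipaddress

# Constructed sample data (assumptions, not from the original post).
# Infrastructure addresses a customer must never be able to claim.
PROTECTED = [ipaddress.ip_network(n)
             for n in ("198.51.100.0/28", "203.0.113.53/32")]

# Bundle name -> the single address the provider allocated to that customer.
ASSIGNED = {
    "Multilink1": ipaddress.ip_address("192.0.2.10"),
    "Multilink2": ipaddress.ip_address("192.0.2.20"),
    "Multilink3": ipaddress.ip_address("192.0.2.30"),
}

# (bundle, address the peer claimed during IPCP negotiation)
SESSIONS = [
    ("Multilink1", "192.0.2.10"),     # matches its allocation
    ("Multilink2", "203.0.113.53"),   # claims the nameserver address
    ("Multilink3", "192.0.2.10"),     # claims another customer's address
    ("Multilink9", "192.0.2.99"),     # bundle with no allocation on record
]


def audit(sessions, assigned, protected):
    """Return (bundle, claimed, reason) for every claim that should be refused."""
    findings = []
    for bundle, claimed_text in sessions:
        claimed = ipaddress.ip_address(claimed_text)
        hit = next((net for net in protected if claimed in net), None)
        if hit is not None:
            reason = f"claims protected address in {hit}"
        elif bundle not in assigned:
            reason = "no allocation on record"
        elif claimed != assigned[bundle]:
            reason = f"expected {assigned[bundle]}"
        else:
            continue  # claim matches the provider-side allocation
        findings.append((bundle, claimed_text, reason))
    return findings


if __name__ == "__main__":
    for bundle, claimed, reason in audit(SESSIONS, ASSIGNED, PROTECTED):
        print(f"{bundle}: peer claimed {claimed}: {reason}")
```
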