[c-nsp] Sharing router uplinks?
Scott Granados
scott at granados-llc.net
Thu Aug 2 11:23:51 EDT 2012
I second this. I think that point to point links make for the best connection type in this use for all the reasons mentioned and also for the simplicity. There's something to be said for keeping the core (and network) as simple as possible as long as the functionality is there. I don't see what the original poster's customer gains with the design and I think in general it's all downside.
On Aug 2, 2012, at 11:18 AM, Wayne Tucker <wayne at tuckerlabs.com> wrote:
> On Wed, Aug 1, 2012 at 1:53 PM, JP Senior <SeniorJ at bennettjones.com> wrote:
>> Putting a web server (or any other) host device on the same subnet causes reachability issues to
>> other subnets -- hacks/workarounds include ICMP redirects, static routing tables, and proxy arp on
>> the subnet. A server won't know which 'router' to take to get to which subnet. This is an
>> administrative disaster as you have to either permit ICMP redirects explicitly (Operating systems
>> shouldn't/don't support this by default anymore), turn on evil proxy arp, have a full mesh IGP, or
>> enable static routes on the hosts.
>
> Things also get ugly if that web server is hijacked - with a little
> ARP spoofing it can get access to transit traffic.
>
>
>> As far as shared 'router' vlans or subnets, this is completely normal and common for
>> distribution/core networks.
>
> I've found that a lot of NMSs don't handle the shared segments well.
> Point to point links are easy to plot and monitor - both because
> they're 1:1 and because if your IGP does adjacencies you can monitor
> for neighbors != 1.
>
> :w
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
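
The "neighbors != 1" check mentioned in the quoted reply, as an added example that is not part of the original thread: it assumes OSPF as the IGP and output in the layout of Cisco IOS `show ip ospf neighbor`, and goes one step further by also pinning the expected peer per link. The function name, interface names and router IDs are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of Cisco IOS "show ip ospf neighbor".
SAMPLE = """\
Neighbor ID     Pri   State           Dead Time   Address         Interface
10.255.0.2        0   FULL/  -        00:00:36    10.0.12.2       GigabitEthernet0/1
10.255.0.3        0   FULL/  -        00:00:31    10.0.13.3       GigabitEthernet0/2
10.255.0.9        0   FULL/  -        00:00:38    10.0.13.9       GigabitEthernet0/2
10.255.0.4        0   INIT/  -        00:00:33    10.0.14.4       GigabitEthernet0/3
"""

# Constructed inventory: each point-to-point interface and the one router ID
# that is supposed to be adjacent on it.
EXPECTED = {
    "GigabitEthernet0/1": "10.255.0.2",
    "GigabitEthernet0/2": "10.255.0.3",
    "GigabitEthernet0/3": "10.255.0.4",
    "GigabitEthernet0/4": "10.255.0.5",
}

# One neighbor row: router ID, priority, STATE/role, dead time, address, interface.
ROW = re.compile(
    r"^(?P<rid>\d+\.\d+\.\d+\.\d+)\s+\d+\s+(?P<state>[A-Z0-9-]+)/\s*\S+\s+"
    r"\S+\s+(?P<addr>\d+\.\d+\.\d+\.\d+)\s+(?P<intf>\S+)\s*$"
)

def check_p2p_adjacencies(output, expected):
    """Return {interface: {"expected": rid, "seen": [rids]}} for every
    point-to-point link whose FULL adjacencies are not exactly the one
    expected peer (zero neighbors, extra neighbors, or a different peer)."""
    full = defaultdict(list)
    for line in output.splitlines():
        m = ROW.match(line.strip())
        if m and m["state"] == "FULL":   # only established adjacencies count
            full[m["intf"]].append(m["rid"])
    findings = {}
    for intf, peer in expected.items():
        seen = sorted(full[intf])
        if seen != [peer]:
            findings[intf] = {"expected": peer, "seen": seen}
    return findings

if __name__ == "__main__":
    for intf, f in check_p2p_adjacencies(SAMPLE, EXPECTED).items():
        print(f"ALERT {intf}: expected {f['expected']}, FULL neighbors {f['seen']}")
```

An interface with no FULL neighbor does not appear in the router output at all, which is why the check is driven from the inventory of expected links rather than from the rows returned.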