[c-nsp] Private IP in SP Core

[Gordon Bryan]

Hi Group,
 
I'm heading towards the final stages of planning a new MPLS core network and I'm currently stuck in two minds between public or private addressing for the core.
 
I like the concept of private addressing (core hiding being one) but having never seen it deployed in anger I'm concerned that it might not be as simple as it seems and may break other things. I've read that traceroute and PMTUD are at risk in such a scenario.
 
Is anyone on this list using private addressing in the core and can you share your experiences? Particularly any pitfalls or any obscure quirks that you found lurking?
 
Also, even in a completely private core, a PE still becomes exposed to the outside world on its PE-to-CE interface when delivering Internet services. Has anyone developed any proficient methods for locking down these interfaces and making them unresponsive/secure from the outside?
 
Many thanks
 
Gordon