[c-nsp] Private IP in SP Core

Gordon Bryan cisco_resource at yahoo.co.uk
Mon Mar 11 06:18:31 EDT 2013


Hi Gert,
 
Thanks for the pointers. I do now recall you giving this advice before but for the life of me I couldnt find the related thread in the archives.
 
Can I ask what your thoughts are on core IP addressing? Do you have specified global ranges for this purpose with matching  iACLs or do you use another method altogether.
 
I'm really looking for the best of both worlds - a nice scure core that isn't easy to attack while at the same time not annoying customers by denying them important diagnostic information.
 
Thanks
 
Gordon


________________________________
From: Gert Doering <gert at greenie.muc.de>
To: Gordon Bryan <cisco_resource at yahoo.co.uk> 
Cc: Cisco NSP <cisco-nsp at puck.nether.net> 
Sent: Monday, 11 March 2013, 8:17
Subject: Re: [c-nsp] Private IP in SP Core

Hi,

On Sun, Mar 10, 2013 at 09:44:12PM +0000, Gordon Bryan wrote:
> I like the concept of private addressing (core hiding being one) but having never seen it deployed in anger I'm concerned that it might not be as simple as it seems and may break other things. I've read that traceroute and PMTUD are at risk in such a scenario.

I've said it before and I'll say it again - by "core hiding" you take away
important diagnostic tools (traceroute/mtr) from your customers.  So *if*
you do that, make sure your monitoring and first-level support is fully
up to speed should you ever have LSP black-holes or packet loss in your
network.

We terminated our contract with Global Crossing because they regularily
had issues in their network (packet loss, high latency, black holes),
traceroute hiding gave us no way to pinpoint the issue, and their 
support stuck to the "we can't see anything so there is no problem" 
mantra.  This combination is completely unacceptable.

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                          //www.muc.de/~gert/
Gert Doering - Munich, Germany                            gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de


More information about the cisco-nsp mailing list