[c-nsp] Private IP in SP Core
Reuben Farrelly
reuben-cisco-nsp at reub.net
Mon Mar 11 06:49:22 EDT 2013
On 11/03/2013 9:43 PM, Gert Doering wrote:
> Hi,
>
> On Mon, Mar 11, 2013 at 10:18:31AM +0000, Gordon Bryan wrote:
>> Can I ask what your thoughts are on core IP addressing? Do you have
>> specified global ranges for this purpose with matching iACLs or do
>> you use another method altogether.
>
> We use a dedicated IPv4 /24 for all core links which is heavily ACLed
> at all external borders.
+1.
> What we're currently not so good at is "protect the PE-CE link" -
> the customer infrastructure is so heterogeneous that we can't do
> "every PE-CE link gets a /30 from a well-known /22 (or whatever) and
> that is also strongly filtered" (as ytti suggested).
We also started to move from /30s to /31s 12 months before I left.
Saves 50% of public addresses and given we were supplying and managing
almost all of the CPE routers, it was a non issue in so far as which
ones would work (anything recent Cisco-wise did).
If a customer asked why a /31, I would suggest they try it and then if
it doesn't work we'll go back to a /30. But between Cisco and Juniper
it all did just work...........
Side issue I know, but a 50% saving makes it a bit less costly in terms
of the operational cost of burning public IP addresses.
Reuben
More information about the cisco-nsp
mailing list