[c-nsp] [j-nsp] draft-ietf-mpls-ldp-ipv6-16

Mark Tinka mark.tinka at seacom.mu
Sat Feb 21 11:01:46 EST 2015



On 21/Feb/15 16:58, Saku Ytti wrote:
> I feel this is product dependent. For IP transit, customers want to have IP
> transit with accurate RTT values.
> For L3 MPLS VPN, at least our customers, specifically complain if code hiding
> is not enabled.

We tell l3vpn customers that we do not hide topology - security by
obscurity never really helped anyone.

If they don't like it, they can go shop elsewhere.
>
> There is no sure-fire way to do both in multiservice network. As in P transit
> you can essentially only use label stack depth to determine if you want to do
> core hiding or if you want to pop and send to source or back to ingress PE.
>
> This can work reasonably well in fair-weather scenario, but during rerouting
> or offSPF TE even IP transit product would either not get traceroute or get
> incorrect RTT values.

I do recall one of the vendors (can't remember whether it was Juniper or
Cisco) were looking at a knob that could allow you to enable hiding on a
per service and/or node basis without getting into an all-or-nothing
situation.

Suffice it to say we never quite pursued it, as the potential hassle of
finding a working solution in a multi-vendor network was no worth the pain.

Mark.


More information about the cisco-nsp mailing list