[137957] in North American Network Operators' Group
Re: Infrastructure addresses definition
daemon@ATHENA.MIT.EDU (William Herrin)
Thu Feb 24 11:39:49 2011
In-Reply-To: <4D668399.70402@forthnet.gr>
From: William Herrin <bill@herrin.us>
Date: Thu, 24 Feb 2011 11:39:24 -0500
To: Tassos Chatzithomaoglou <achatz@forthnet.gr>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Thu, Feb 24, 2011 at 11:13 AM, Tassos Chatzithomaoglou
<achatz@forthnet.gr> wrote:
> How do you define infrastructure addresses in your network?
> Ok, probably router loopbacks are some of them. Router LANs also.
>
> But what about addresses used on WAN (or LAN p2p) links that are used for
> interconnections with customers?
> What about addresses used for public servers (dns, mail, web, etc)?
>
> Do you consider these as infrastructure addresses?
> If yes, how do you define your iACLs with these included?

Defining customer interconnect addresses as infrastructure subject to
filtering is a bad idea. One of my ISPs does that: you can't reach the
serial interface of my router from outside their network because of
the filtering. There are customer applications where it's useful to
originate a tunnel from the customer serial interface. I had to carve
off a chunk of an extra assignment, introducing an extra route into
their system.

Regards,
Bill Herrin
-- 
William D. Herrin ................ herrin@dirtside.com  bill@herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004