[40629] in North American Network Operators' Group
Re: NOC servers with public/private ip address
daemon@ATHENA.MIT.EDU (Andy Walden)
Wed Aug 15 11:47:20 2001
Date: Wed, 15 Aug 2001 10:42:55 -0500 (CDT)
From: Andy Walden <andy@tigerteam.net>
To: Greg Maxwell <gmaxwell@martin.fl.us>
Cc: <nanog@merit.edu>
In-Reply-To: <Pine.GSO.4.33.0108151137150.1316-100000@da1server.martin.fl.us>
Message-ID: <Pine.LNX.4.33.0108151041130.3206-100000@vision.tigerteam.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
On Wed, 15 Aug 2001, Greg Maxwell wrote:
> On Tue, 14 Aug 2001, Wojtek Zlobicki wrote:
>
> > That isn't quite correct. Internet routers should never "advertise" private
> > IP blocks to the global Intenet, I've never heard of anyone stating that
> > they should not have them in their routing table. I've worked in a few NOCs
> > in my short life and the NOC has always been on an isolated private subnet.
> > Acess to critical hardware was only allowed from behind that subnet.
> >
> > Private addressing adds an extra layer of security as well as saving
> > valuable IP space.
>
> Security?! Come on. That's a lame reason.
>
> It's that kind of mindset that leads to your customers being able to
> manage your routers, simply because you had them secured by only being
> manageable from a private space.
Please, oh please, not this conversation again. He did say 'layer',
implying there was more then one. You were the one that said 'only'. Lets
leave this alone.
andy
