[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Infrastructure addresses definition
- Subject: Infrastructure addresses definition
- From: bill at herrin.us (William Herrin)
- Date: Thu, 24 Feb 2011 11:39:24 -0500
- In-reply-to: <[email protected]>
- References: <[email protected]>
On Thu, Feb 24, 2011 at 11:13 AM, Tassos Chatzithomaoglou
<achatz at forthnet.gr> wrote:
> How do you define infrastructure addresses in your network?
> Ok, probably router loopbacks are some of them. Router LANs also.
> But what about addresses used on WAN (or LAN p2p) links that are used for
> interconnections with customers?
> What about addresses used for public servers (dns, mail, web, etc)?
> Do you consider these as infrastructure addresses?
> If yes, how do you define your iACLs with these included?
Defining customer interconnect addresses as infrastructure subject to
filtering is a bad idea. One of my ISPs does that: you can't reach the
serial interface of my router from outside their network because of
the filtering. There are customer applications where it's useful to
originate a tunnel from the customer serial interface. I had to carve
off a chunk of an extra assignment, introducing an extra route into
William D. Herrin ................ herrin at dirtside.com? bill at herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004