On 11/03/2013 9:43 PM, Gert Doering wrote:
Hi,
On Mon, Mar 11, 2013 at 10:18:31AM +0000, Gordon Bryan wrote:
Can I ask what your thoughts are on core IP addressing? Do you have
specified global ranges for this purpose with matching iACLs or do
you use another method altogether.
We use a dedicated IPv4 /24 for all core links which is heavily ACLed
at all external borders.
+1.
What we're currently not so good at is "protect the PE-CE link" -
the customer infrastructure is so heterogeneous that we can't do
"every PE-CE link gets a /30 from a well-known /22 (or whatever) and
that is also strongly filtered" (as ytti suggested).
We also started to move from /30s to /31s 12 months before I left.
Saves 50% of public addresses and given we were supplying and managing
almost all of the CPE routers, it was a non issue in so far as which
ones would work (anything recent Cisco-wise did).
If a customer asked why a /31, I would suggest they try it and then if
it doesn't work we'll go back to a /30. But between Cisco and Juniper
it all did just work...........
Side issue I know, but a 50% saving makes it a bit less costly in terms
of the operational cost of burning public IP addresses.
Reuben
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
