On Nov 6, 2012, at 6:32 PM, Tassos Chatzithomaoglou wrote:
Do you consider them infrastructure addresses or customer addresses?
They're infrastructure addresses.
Do you put them in your IGP or in BGP?
You should treat them as you do your other infrastructure addresses (i.e., if
you're
Having an iACL format like below, that means that i would have to add at least
one extra permit entry before the
spoofing entries.
deny MARTIANS/BOGONS
deny SPOOFING
deny PROTOCOLS/PORTS
permit BGP-PEERINGS
permit TUNNELS
deny INFRASTRUCTURE
permit ANY
If that's indeed the case, what
On Nov 6, 2012, at 7:31 PM, Tassos Chatzithomaoglou wrote:
Only specific types of icmp messages?
That, plus the routing session (if any) with your customer, plus anything else
that's situationally-specific (GRE tunnel termination, etc.).
Roland, how do you handle customer requests regarding the remote management of
their devices?
i.e. if the customer wants to do any kind of management (ssh, snmp) from
outside his router, he must use our
infrastructure address (which is configured on his router) as a destination.
Generally, the
We generally perform all the management needed for our customer's circuits. If
the customer is wanting to remotely manage their own router and etc then you
should adjust your iACL to grant the customer access only on the IP on their
router interface not the whole /30 or etc. Or if you've routed
Well if you’re null routing the /30 then you or them should have a /32 or
larger for NAT or no RFC space behind it.
-Original Message-
From: Tassos Chatzithomaoglou [mailto:ach...@forthnetgroup.gr]
Sent: Wednesday, 7 November 2012 2:45 a.m.
To: Dobbins, Roland
Cc: NANOG list
Subject:
On 11/6/2012 5:44 AM, Tassos Chatzithomaoglou wrote:
Roland, how do you handle customer requests regarding the remote management of
their devices?
i.e. if the customer wants to do any kind of management (ssh, snmp) from
outside his router, he must use our
infrastructure address (which is
7 matches
Mail list logo
