
On Thu, Feb 24, 2011 at 11:13 AM, Tassos Chatzithomaoglou <achatz@forthnet.gr> wrote:
How do you define infrastructure addresses in your network? Ok, probably router loopbacks are some of them. Router LANs also.
But what about addresses used on WAN (or LAN p2p) links that are used for interconnections with customers? What about addresses used for public servers (dns, mail, web, etc)?
Do you consider these as infrastructure addresses? If yes, how do you define your iACLs with these included?

Defining customer interconnect addresses as infrastructure subject to filtering is a bad idea. One of my ISPs does that: you can't reach the serial interface of my router from outside their network because of the filtering. There are customer applications where it's useful to originate a tunnel from the customer serial interface. I had to carve off a chunk of an extra assignment, introducing an extra route into their system.

Regards,
Bill Herrin

--
William D. Herrin ................ herrin@dirtside.com  bill@herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004