On Thu, Oct 9, 2014 at 5:13 PM, Baldur Norddahl <baldur.norddahl@gmail.com> wrote:
> But all these are customer facing interfaces, which do not really qualify for "point to point" links. I might consider adding interface addressing for IPv6, but for me IPv4 was the primary design parameter. Having IPv6 mirror the IPv4 setup means I have to think less about the setup. And we are really constrained to use as few IPv4 addresses as possible. We only got 1024 from RIPE and have to buy any additional at great expense.

Hi Baldur,

If that's convenient, more power to you. I can think of nothing which breaks doing it that way, just a couple things that might be easier if you do it the other way.

> My colleagues wanted to completely drop using public IP addressing in the infrastructure.

This, however, is positively 100% broken. Do not use private IPs on your routers.

The TCP protocol depends on receiving ICMP type 3 (destination unreachable) messages from your router. Without ICMP messages needed for path MTU detection, TCP connections somewhat randomly drop into a black hole. Have a customer who connects to your web server but never receives the web page? Look for the firewall blocking ICMP.

If those ICMP messages originate from private IP addresses, they will not reach their destination. Private IPs tend to be dropped at multiple locations out on the public Internet.

So don't use private IPs on routers. Routers must be able to generate ICMP destination unreachables with the expectation that they _will_ get through.

Regards,
Bill Herrin

--
William Herrin ................ herrin@dirtside.com bill@herrin.us
Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/>
May I solve your unusual networking challenges?