On 9 October 2014 23:18, Roland Dobbins <rdobbins@arbor.net> wrote:
On Oct 10, 2014, at 4:13 AM, Baldur Norddahl <baldur.norddahl@gmail.com> wrote:
My colleagues wanted to completely drop using public IP addressing in the infrastructure.
Your colleagues are wrong. Again, see RFC6752.
Yes, for using private IP addressing RFC 6752 applies and it is why we are not doing it. But you seem to completely fail to understand that RFC 6752 does not apply to the proposed solution. NONE of the problems listed in RFC 6752 are a problem with using unnumbered interfaces. Traceroute works. ICMP works. There are no private IP addresses that get filtered.
I am wondering if all the naysayers would not agree that it is better to have a single public loopback address shared between all my interfaces, than to go with private addressing completely?
This is a false dichotomy.
Because frankly, that is the alternative.
It isn't the only alternative. The *optimal* alternative is to use publicly-routable link addresses, and then protect your infrastructure using iACLs, GTSM, CoPP, et al.

I will as soon as you send me the check to buy addresses for all my links. I got a few.

But it appears you do not realize that we ARE using public IPs for our infrastructure. And we ARE using ACLs for protecting it. We are not using addresses for LINKS, neither public nor private. And it is not for security but to conserve expensive address space.

The thing is that we will only use ONE public address for a router. And the router will be using that address for traceroute, ICMP et al. And therefore RFC 6752 does not apply.

What started this thread was the simple observation that you can do the same with IPv6. In that case I am doing it because it is simpler to do the same thing on both protocols. And frankly I am not seeing the disadvantages put forth so far as being anything worth taking extra management work for.

What I am mostly getting from the responses here is not very useful, other than a lot of people screaming he is doing something different so he must be an idiot :-(. Well, aside from Bill, who is apparently doing the same thing for the same reason (cost).

Regards,
Baldur