On Oct 9, 2014, at 3:04 PM, Baldur Norddahl <baldur.norddahl@gmail.com> wrote:

> On 9 October 2014 23:18, Roland Dobbins <rdobbins@arbor.net> wrote:
>
>> On Oct 10, 2014, at 4:13 AM, Baldur Norddahl <baldur.norddahl@gmail.com> wrote:
>>
>>> My colleagues wanted to completely drop using public IP addressing in the infrastructure.
>>
>> Your colleagues are wrong. Again, see RFC6752.
>
> Yes, for using private IP addressing RFC 6752 applies and it is why we are not doing it. But you seem to completely fail to understand that RFC 6752 does not apply to the proposed solution. NONE of the problems listed in RFC 6752 are a problem with using unnumbered interfaces. Traceroute works. ICMP works. There are no private IP addresses that get filtered.
>
> I am wondering if all the naysayers would not agree that it is better to have a single public loopback address shared between all my interfaces, than to go with private addressing completely?
>
>> This is a false dichotomy.
>
> Because frankly, that is the alternative.
>
>> It isn't the only alternative. The *optimal* alternative is to use publicly-routable link addresses, and then protect your infrastructure using iACLs, GTSM, CoPP, et. al.
>
> I will as soon as you send me the check to buy addresses for all my links. I got a few.
>
> But it appears you do not realize that we ARE using public IPs for our infrastructure. And we ARE using ACLs for protecting it. We are not using addresses for LINKS, neither public nor private. And it is not for security but to conserve expensive address space.

Addresses are not expensive. You can get up to a /40 from ARIN for $500 one-time and $100/year. Are you really trying to convince me that you have more than 16.7 million links? (and that’s assuming you assign a /64 per link). I’m sorry, but this argument utterly fails under any form of analysis.

Owen
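The alternative Roland describes above (publicly routable link addresses, with the routers themselves protected by iACLs, GTSM and CoPP) can be modelled in a few dozen lines. The following is an added illustration written for this page; it is not code from any participant in the thread, and the infrastructure prefix, the eBGP session, the interfaces and the sample packets are all constructed for the example.

```python
"""Model of the control-plane protections named in the thread: an
infrastructure ACL (iACL), GTSM (RFC 5082) and a CoPP-style policer,
applied to routers whose links carry publicly routable addresses.
Added illustration, not from the thread; every prefix, peer and
packet here is constructed."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed infrastructure block: loopbacks and link addresses live here.
INFRA_PREFIX = ipaddress.ip_network("2001:db8:ffff::/48")

# Constructed eBGP sessions: (local link address, peer address) -> GTSM hop count.
EBGP_PEERS = {
    ("2001:db8:ffff:1::1", "2001:db8:ffff:1::2"): 1,
}

BGP_PORT = 179


@dataclass
class Packet:
    src: str
    dst: str
    proto: str            # "tcp", "udp" or "icmpv6"
    dport: Optional[int]
    hop_limit: int
    from_external: bool   # arrived on a customer- or peer-facing interface


def in_infra(addr: str) -> bool:
    return ipaddress.ip_address(addr) in INFRA_PREFIX


def iacl_permits(pkt: Packet) -> bool:
    """iACL applied inbound on external interfaces: packets *to*
    infrastructure space are dropped unless they belong to a configured
    eBGP session or are ICMPv6 (so traceroute and PMTUD keep working).
    Transit traffic and anything arriving from the core are untouched."""
    if not pkt.from_external or not in_infra(pkt.dst):
        return True
    if pkt.proto == "tcp" and pkt.dport == BGP_PORT:
        return (pkt.dst, pkt.src) in EBGP_PEERS
    return pkt.proto == "icmpv6"


def gtsm_permits(pkt: Packet) -> bool:
    """RFC 5082: the peer sends with hop limit 255, so a packet that has
    travelled more than the configured number of hops cannot be genuine.
    Sessions without a GTSM entry (e.g. iBGP) are not checked here."""
    hops = EBGP_PEERS.get((pkt.dst, pkt.src))
    if hops is None:
        return True
    return pkt.hop_limit >= 255 - hops


class CoppPolicer:
    """Token bucket standing in for one CoPP class (rate in packets/s)."""

    def __init__(self, rate_pps: float, burst: int):
        self.rate = rate_pps
        self.burst = burst
        self.tokens = float(burst)
        self.last = 0.0

    def admit(self, now: float) -> bool:
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


def process(pkt: Packet, policer: CoppPolicer, now: float = 0.0) -> str:
    """Order matters: the iACL runs in the forwarding path first, GTSM
    next on BGP traffic, and the CoPP policer last on whatever is punted."""
    if not iacl_permits(pkt):
        return "drop:iacl"
    if not in_infra(pkt.dst):
        return "forward"
    if pkt.proto == "tcp" and pkt.dport == BGP_PORT and not gtsm_permits(pkt):
        return "drop:gtsm"
    if not policer.admit(now):
        return "drop:copp"
    return "punt"


if __name__ == "__main__":
    copp = CoppPolicer(rate_pps=10, burst=2)
    # Constructed SNMP probe from the outside aimed at a router loopback.
    probe = Packet("2001:db8:beef::1", "2001:db8:ffff::1", "udp", 161, 64, True)
    print(process(probe, copp))  # drop:iacl
```

Roughly, the three stages correspond on a Cisco IOS-style router to an inbound traffic filter on edge interfaces, `neighbor <peer> ttl-security hops 1` on each eBGP session, and a service policy under `control-plane`; the model leaves out the iBGP and IGP classes a real CoPP policy would also carry.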