Hi Group,
I'm heading towards the final stages of planning a new MPLS core network and
I'm currently stuck in two minds between public or private addressing for the
core.
I like the concept of private addressing (core hiding being one) but having
never seen it deployed in anger I'm concerned that it might not be as simple as
it seems and may break other things. I've read that traceroute and PMTUD are at
risk in such a scenario.
Is anyone on this list using private addressing in the core and can you share
your experiences? Particularly any pitfalls or any obscure quirks that you
found lurking?
Also, even in a completely private core, a PE still becomes exposed to the
outside world on its PE-to-CE interface when delivering Internet services. Has
anyone developed any proficient methods for locking down these interfaces and
making them unresponsive/secure from the outside?
Many thanks
Gordon
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
