Hi, sorry i missed this ,but i wanted to comment anyway. i have had the same situ recently working on a project in the UK. we also used static routes/dialer commands simply because of this . we had a spate of recent laptop/desktop theft`s and people were trying to get to our network after stealing these boxes. now that we have changed it so that once you call and try to authentciate we simply set our boxes to dial back a fixed number and use a fixed ip address ... it`s sounds like overkill ...but it`s the only way to be sure... MY Tu`pence steve >From: "Chuck Larrieu" >Reply-To: "Chuck Larrieu" >To: [EMAIL PROTECTED] >Subject: RE: I have a customer who... food for thought - static routes >[7:18038] >Date: Fri, 31 Aug 2001 01:38:11 -0400 > >There have been several good replies to my post. In addition to Tony's >insight below, Leigh Anne and Jim both had excellent observations that >covered issues my customer raised. > >The customer expressed concerns were with engineers who for any number of >reasons, whether careless, inconsiderate, malicious, or as part of their >jobs, might bring down various segments. this is something that apparently >happens with some regularity in the customer production network. > >there were concerns with route flapping at the core. we are in California, >after all, and we still live under the threat of rolling blackouts. plus >many folks out here are doing their part by shutting things down at night, >or when not in use. The flapping issue is bogus, as one could always >advertise only the summaries into the core, but again, the customer >engineer >would not hear of it. > >the customer deliberately turns off CDP. I did not discuss this with him, >but I suspect there is a bit of concern with revealing information that CDP >transmits. > >my point in bringing up this situation was in part to stimulate thought >about using various forms of routing as one means of enforcing policy. >Static routing is not necessarily a bad thing. On the other hand, there are >other ways to deal with the stated concerns other than massive static >routing. > >enjoyed the comments. thanks, everyone. > >Chuck > >-----Original Message----- >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of >Tony Medeiros >Sent: Thursday, August 30, 2001 12:23 AM >To: [EMAIL PROTECTED] >Subject: Re: I have a customer who... food for thought - static routes >[7:17826] > > >I'll bite: >PROS: > >1) If DSL user decides to change his network for some reason and it >overlaps >another on somewhere, dynamic routing will hose the core. (could prevent >with route filtering but that would be an even bigger hassle). > >2) 7206 might fold with that many routing protocol neigbors (depends on >routing protocol) > >3) Job security for the guy managing the network :) > >4) ODR needs CDP and that many neighbors could fold the core too maybe ?? >Don't know about that. > >5) Less overhead in general. > >6) Security, Don't want some guy to announce a boatload of bogus networks. > >7) Unless the routing protocol of choice can only send a default route, >Those little DSL routers would get killed with a big table. OSPF is would >do it but would each little router would need to be in it's own area or the >LS database would kill the little guys . RIP seems like a good choice, >but >again, there would be need for a lot of filtering to keep the table small. >You could have a default static on all the little guys and filter ALL >updates coming out of the core. But there is the security thing again. > >8) Stability, The static way will be the most stable for sure, > >CONS: >1) Managment nightmare. > >I think I see their point already Chuck. I don't quite see why CDP wouldn't >be allowed though. >Am I close ? >Tony M. > >----- Original Message ----- >From: "Chuck Larrieu" >To: >Sent: Wednesday, August 29, 2001 11:28 PM >Subject: I have a customer who... food for thought - static routes >[7:17819] > > > > I have a customer who... don't you love it when a post begins with those > > words? > > > > In my case, I am hoping this can serve as food for thought, a >springboard > > for discussion. So here goes.... > > > > My customer is a high tech firm whose name you would all recognize, if I > > were to exhibit ill manners by revealing it. > > > > My project ( well, I'm just the junior assistant engineer ) is to >develop > > and proof configurations for a private remote access network. DSL at the > > home, ATM at the central site. Not a VPN. This circuit does not touch >the > > internet. > > > > In any case, the client is expecting 500-1000 home users on this >network. > > > > Here's the kicker. the client refuses to allow routing protocols on >either > > the home user routers ( Cisco 827's ) or the central site router ( Cisco > > 7206 ) That means how many static routes at the host site? :-0 > > > > Food for thought - what are some of the reasons the customer might not >want > > a routing protocol of any kind on this network? When discussing with the > > customer engineer in charge of this project, I was given a couple of > > reasons, and upon hearing them I saw the point and agreed the concerns >were > > valid. > > > > BTW, the point was not that the customer hates me and wants me to spend >the > > next three weeks typing in static routes. Nor is it that the customer >does > > not "get it". It is not a matter of good or bad design. > > > > So, in light of the old saw that static routes are not scalable, and >should > > be avoided, what might be some reasons that a designer would demand a > > network of this size and relative complexity, with users being added, > > subtracted, and relocated, thus creating long term employment for the >router > > administrator, be composed entirely of static routes? What are the >plusses? > > What is the downside? > > > > Your analyses, please. > > > > Chuck > > > > P.S. I think I'm going to try again. Maybe On Demand Routing would solve >my > > problem and the customer's. Oops, that's right. The major component of >ODR > > is not allowed on this network either. ( hint ) _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18322&t=18322 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
