On Thu, Feb 24, 2011 at 11:13 AM, Tassos Chatzithomaoglou <ach...@forthnet.gr> wrote:
> How do you define infrastructure addresses in your network?
> Ok, probably router loopbacks are some of them. Router LANs also.
>
> But what about addresses used on WAN (or LAN p2p) links that are used for
> interconnections with customers?
> What about addresses used for public servers (dns, mail, web, etc)?
>
> Do you consider these as infrastructure addresses?
> If yes, how do you define your iACLs with these included?

Defining customer interconnect addresses as infrastructure subject to filtering is a bad idea. One of my ISPs does that: you can't reach the serial interface of my router from outside their network because of the filtering. There are customer applications where it's useful to originate a tunnel from the customer serial interface. I had to carve off a chunk of an extra assignment, introducing an extra route into their system.

Regards,
Bill Herrin

--
William D. Herrin ................ her...@dirtside.com  b...@herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004