On Oct 9, 2014, at 3:04 PM, Baldur Norddahl <baldur.nordd...@gmail.com> wrote:
> On 9 October 2014 23:18, Roland Dobbins <rdobb...@arbor.net> wrote:
>
>>
>> On Oct 10, 2014, at 4:13 AM, Baldur Norddahl <baldur.nordd...@gmail.com>
>> wrote:
>>
>>> My colleagues wanted to completely drop using public IP addressing in the
>>> infrastructure.
>>
>> Your colleagues are wrong. Again, see RFC6752.
>>
>
> Yes, for using private IP addressing RFC 6752 applies and it is why we are
> not doing it. But you seem to completely fail to understand that RFC 6752
> does not apply to the proposed solution. NONE of the problems listed in RFC
> 6752 are a problem with using unnumbered interfaces. Traceroute works. ICMP
> works. There are no private IP addresses that get filtered.
>
>> I am wondering if all the naysayers would not agree that it is better to
>> have a single public loopback address shared between all my interfaces,
>> than to go with private addressing completely?
>>
>> This is a false dichotomy.
>>
>>> Because frankly, that is the alternative.
>>
>> It isn't the only alternative. The *optimal* alternative is to use
>> publicly-routable link addresses, and then protect your infrastructure
>> using iACLs, GTSM, CoPP, et al.
>>
>>
> I will as soon as you send me the check to buy addresses for all my links.
> I got a few.
>
> But it appears you do not realize that we ARE using public IPs for our
> infrastructure. And we ARE using ACLs for protecting it. We are not using
> addresses for LINKS, neither public nor private. And it is not for security
> but to conserve expensive address space.

Addresses are not expensive. You can get up to a /40 from ARIN for $500 one-time and $100/year.

Are you really trying to convince me that you have more than 16.7 million links? (and that’s assuming you assign a /64 per link).

I’m sorry, but this argument utterly fails under any form of analysis.

Owen