Re: NOC servers with public/private ip address

["Arman Khalili" <arman () unitedlayer com>]

If you can afford extra links for your backdoor connections, setting up
private IP addresses based NOC with direct interconnection to all nodes is
more secure.
You can turn off telnet/ssh access to the routers from outside and only
allow the private addresses to connect directly to your router(s).  Drawback
is you can't directly connect to them from outside anymore, but you could
setup a gateway PC/firewall for this purpose.

I wouldn't worry about having private addresses in the routing tables as
long as you don't advertise them.

Make sure you also setup localloop IP addresses for each router such that
router connection are not based on any physical link.  This would also make
load sharing across multiple same paths alot easier.

ak

----- Original Message -----
From: "Wojtek Zlobicki" <wojtekz () idirect com>
To: <nanog () merit edu>
Sent: Tuesday, August 14, 2001 2:56 PM
Subject: Re: NOC servers with public/private ip address


> > Although I am almost religious that
> > internet routers should NEVER have private address in the routing table
>
> That isn't quite correct.  Internet routers should never "advertise"
private
> IP blocks to the global Intenet, I've never heard of anyone stating that
> they should not have them in their routing table.  I've worked in a few
NOCs
> in my short life and the NOC has always been on an isolated private
subnet.
> Acess to critical hardware was only allowed from behind that subnet.
>
> Private addressing adds an extra layer of security as well as saving
> valuable IP space.