nanog mailing list archives
Re: NOC servers with public/private ip address
From: "Arman Khalili" <arman () unitedlayer com>
Date: Tue, 14 Aug 2001 15:03:24 -0700
If you can afford extra links for your backdoor connections, setting up private IP addresses based NOC with direct interconnection to all nodes is more secure. You can turn off telnet/ssh access to the routers from outside and only allow the private addresses to connect directly to your router(s). Drawback is you can't directly connect to them from outside anymore, but you could setup a gateway PC/firewall for this purpose. I wouldn't worry about having private addresses in the routing tables as long as you don't advertise them. Make sure you also setup localloop IP addresses for each router such that router connection are not based on any physical link. This would also make load sharing across multiple same paths alot easier. ak ----- Original Message ----- From: "Wojtek Zlobicki" <wojtekz () idirect com> To: <nanog () merit edu> Sent: Tuesday, August 14, 2001 2:56 PM Subject: Re: NOC servers with public/private ip address
Although I am almost religious that internet routers should NEVER have private address in the routing tableThat isn't quite correct. Internet routers should never "advertise"
private
IP blocks to the global Intenet, I've never heard of anyone stating that they should not have them in their routing table. I've worked in a few
NOCs
in my short life and the NOC has always been on an isolated private
subnet.
Acess to critical hardware was only allowed from behind that subnet. Private addressing adds an extra layer of security as well as saving valuable IP space.
Current thread:
- NOC servers with public/private ip address R Z (Aug 14)
- Re: NOC servers with public/private ip address Wojtek Zlobicki (Aug 14)
- Re: NOC servers with public/private ip address Arman Khalili (Aug 14)
- Re: NOC servers with public/private ip address Kevin Loch (Aug 14)
- Re: NOC servers with public/private ip address Greg Maxwell (Aug 15)
- Re: NOC servers with public/private ip address Andy Walden (Aug 15)
- Re: NOC servers with public/private ip address Greg Maxwell (Aug 15)
- Re: NOC servers with public/private ip address Wojtek Zlobicki (Aug 14)
- <Possible follow-ups>
- RE: NOC servers with public/private ip address Roeland Meyer (Aug 14)
- Re: NOC servers with public/private ip address Christopher A. Woodfield (Aug 15)
- Re: NOC servers with public/private ip address Valdis . Kletnieks (Aug 15)
- Re: NOC servers with public/private ip address Jeff Gehlbach (Aug 15)
- Re: NOC servers with public/private ip address Valdis . Kletnieks (Aug 15)
- Re: NOC servers with public/private ip address Christopher A. Woodfield (Aug 15)