nanog mailing list archives
RE: routing between provider edge and CPE routers
From: "Mike Bernico" <mbernico () illinois net>
Date: Wed, 29 Jan 2003 16:46:56 -0600
> So, by accepting routes from CPE you create a huge security vulnerability for your customers, and other parties. This practice was understood as very bad network engineering for decades.
Is there someplace I can find tidbits of information like this? I haven't been alive decades so I must have missed that memo. Other than this list I don't know where to find anyone with lots of experience working for a service provider.
> 1) for single-homed sites use static routing, period. Dynamic routing does not add anything useful in this case (if circuit is down, it's down, there are no alternative ways to reach the customer's network).
I agree, and all the feedback I've gotten should help me convince my peers.
> The "convenience" of having to configure only CPE box is no excuse. Invest some resources in a rather trivial configuration management system, which keeps track of what network addresses were allocated to which customer, and produces corresponding bits of router configuration automatically. Most respectable ISPs did that a long time ago. That will also reduce your tech support costs.
I've never heard of software like that. Do you have a recommended vendor? Is it typically developed in house?
> PS. They should really require a test in "defensive networking" before letting anyone touch provider's routers...
What can I say, I must work cheap!
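
Added example (not part of the original message or of any poster's tooling): a minimal sketch of the kind of allocation-driven generator described in the quoted text, producing provider-edge static routes for single-homed customers and refusing overlapping allocations. The customer names, documentation-range addresses and the Cisco IOS-style `ip route` output format are assumptions made for illustration.

```python
import ipaddress

# Constructed allocation records: (customer, prefix, next hop on the PE-CPE link).
ALLOCATIONS = [
    ("acme", "192.0.2.0/26", "198.51.100.1"),
    ("acme", "192.0.2.64/26", "198.51.100.1"),
    ("globex", "203.0.113.0/25", "198.51.100.5"),
]


def validate(allocations):
    """Parse records; reject malformed prefixes and any overlapping allocation."""
    parsed = []
    for customer, prefix, next_hop in allocations:
        # Strict parsing raises ValueError if host bits are set (e.g. 192.0.2.1/26).
        net = ipaddress.IPv4Network(prefix)
        hop = ipaddress.IPv4Address(next_hop)
        for other_customer, other_net, _ in parsed:
            # Address space routed to one customer must never cover another's.
            if net.overlaps(other_net):
                raise ValueError(
                    f"{customer} {net} overlaps {other_customer} {other_net}"
                )
        parsed.append((customer, net, hop))
    return parsed


def render(allocations):
    """Return PE static-route configuration text, grouped by customer."""
    out, current = [], None
    for customer, net, hop in sorted(validate(allocations)):
        if customer != current:
            out.append(f"! customer {customer}")
            current = customer
        # The provider decides what is routed to the CPE; nothing is learned from it.
        out.append(f"ip route {net.network_address} {net.netmask} {hop}")
    return "\n".join(out)


if __name__ == "__main__":
    print(render(ALLOCATIONS))
```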