RE: p2p addresses for point-to-point connections with customers

["Otis L. Surratt, Jr." <otis () ocosa com>]

We generally perform all the management needed for our customer's circuits. If the customer is wanting to remotely 
manage their own router and etc then you should adjust your iACL to grant the customer access only on the IP on their 
router interface not the whole /30 or etc. Or if you've routed an IP range to that customer they can use that and pick 
an IP for mgmt stuff from that range and let your infrastructure be at peace. ;)

Also, if you are going to adjust your iACL for them you will want that customer to have a static IP address or range 
(not dynamic address) they are using to monitor/manage/access the infrastructure IP you've assigned on their router.

Otis
-----Original Message-----
From: Tassos Chatzithomaoglou [mailto:achatz () forthnetgroup gr] 
Sent: Tuesday, November 06, 2012 7:45 AM
To: Dobbins, Roland
Cc: NANOG list
Subject: Re: p2p addresses for point-to-point connections with customers

Roland, how do you handle customer requests regarding the remote management of their devices?
i.e. if the customer wants to do any kind of management (ssh, snmp) from outside his router, he must use our 
infrastructure address (which is configured on his router) as a destination.
Generally, the customer might want to use this wan address for many other things which you shouldn't actually care, 
since it's his router.