Best Practices for Loopback addressing (Core routers & VPN CPE)

Another argument for public loopback/link addresses: merging networks. Fairly bad when you plan to merge two networks and loopback addresses are not unique anymore :wink:

Regarding RIRs, we haven't had real problems using public address space. As mentioned by Christopher: talking to them is the solution. Of course they will ask you if you can't use private address space - that's their job!

Management in VPN networks: plan for address collisions. Anything else but (your own) public addresses can be used by the customers. doesn't help you for all times ("oh, we use that for our extranet as all partners had 10.x.x.x in use like us"). Maybe using a separate management VRF on the CPE and DLCI/PVC/VLAN on the CPE-PE link is an option. Or use management address ranges in all 3 RFC1918 networks to lower the probability of collisions - often customers use only 1 or 2 address ranges. I've also seen NAT on the provider end of the management DLCI/PVC together with management address ranges per customer network.
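The idea of reserving a management range in each of the three RFC1918 networks can be checked mechanically per customer. The following is an added example, not part of the original post; the three candidate management ranges and the customer prefix lists are constructed for illustration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Hypothetical provider plan: one management range reserved in each RFC1918 block.
MGMT_CANDIDATES = [ipaddress.ip_network(n)
                   for n in ("10.255.240.0/20", "172.31.240.0/20", "192.168.240.0/20")]


def blocks_in_use(customer_prefixes):
    """Return the RFC1918 blocks that any of the customer's prefixes touch."""
    nets = [ipaddress.ip_network(p) for p in customer_prefixes]
    return [b for b in RFC1918 if any(n.overlaps(b) for n in nets)]


def pick_mgmt_range(customer_prefixes, candidates=MGMT_CANDIDATES):
    """Return the first candidate range that overlaps nothing the customer
    routes, or None when every candidate collides. None means falling back
    to a separate management VRF or NAT on the provider side."""
    nets = [ipaddress.ip_network(p) for p in customer_prefixes]
    for cand in candidates:
        if not any(cand.overlaps(n) for n in nets):
            return cand
    return None


# Constructed customer address plans.
CUSTOMERS = {
    "cust-a": ["10.0.0.0/8"],
    "cust-b": ["10.0.0.0/8", "172.16.0.0/12"],
    "cust-c": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
    "cust-d": ["192.168.1.0/24", "192.168.240.0/24"],
}

if __name__ == "__main__":
    for name, prefixes in CUSTOMERS.items():
        used = ", ".join(str(b) for b in blocks_in_use(prefixes))
        choice = pick_mgmt_range(prefixes)
        print(f"{name}: uses {used}; management range: "
              f"{choice if choice else 'none free (VRF or NAT needed)'}")
```

The check has to be rerun whenever a customer adds prefixes, since a range that was free at provisioning time can collide later.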

