How do you define infrastructure addresses in your network?
Ok, probably router loopbacks are some of them. Router LANs also.
But what about addresses used on WAN (or LAN p2p) links that are used for interconnections with customers?
What about addresses used for public servers (DNS, mail, web, etc.)?
Do you consider these as infrastructure addresses?
If yes, how do you define your iACLs with these included?

Defining customer interconnect addresses as infrastructure subject to
filtering is a bad idea. One of my ISPs does that: you can't reach the
serial interface of my router from outside their network because of
the filtering. There are customer applications where it's useful to
originate a tunnel from the customer serial interface. I had to carve
off a chunk of an extra assignment, introducing an extra route into

I consider anything not facing the customer to be infrastructure. In
terms of CPE, routers, etc. If it's a point-to-point connection
(T1, wireless, etc.) the address on the router on my end facing the customer
router is considered a customer address.
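
An added example, not part of the thread or any poster's configuration: one way to build the iACL deny list so that customer-facing point-to-point subnets are carved out of the infrastructure block, as the replies above argue. The prefixes are constructed documentation addresses, the function names are hypothetical, and the IOS-style ACL syntax is an assumption used for illustration.

```python
import ipaddress

# Constructed sample data (RFC 5737 documentation space), not from the thread.
AGGREGATES = ["192.0.2.0/24"]                           # provider address block
CUSTOMER_LINKS = ["192.0.2.248/30", "192.0.2.252/30"]   # p2p links facing customers


def infrastructure_prefixes(aggregates, customer_links):
    """Return the aggregates minus every customer-facing link subnet."""
    remaining = [ipaddress.ip_network(a) for a in aggregates]
    for link in map(ipaddress.ip_network, customer_links):
        kept = []
        for net in remaining:
            if link.subnet_of(net):
                # Split net around the link; the link itself is dropped.
                kept.extend(net.address_exclude(link))
            elif not net.subnet_of(link):
                kept.append(net)  # unrelated prefix, keep as is
        remaining = kept
    return sorted(ipaddress.collapse_addresses(remaining))


def render_iacl(prefixes):
    """Render IOS-style deny entries (syntax used for illustration only)."""
    lines = [f"deny ip any {p.network_address} {p.hostmask}" for p in prefixes]
    lines.append("permit ip any any")  # transit and customer-bound traffic
    return lines


def is_filtered(address, prefixes):
    """True if traffic to this destination would hit a deny entry."""
    ip = ipaddress.ip_address(address)
    return any(ip in p for p in prefixes)


if __name__ == "__main__":
    protected = infrastructure_prefixes(AGGREGATES, CUSTOMER_LINKS)
    print("\n".join(render_iacl(protected)))
    for addr in ("192.0.2.1", "192.0.2.250"):
        print(addr, "filtered" if is_filtered(addr, protected) else "reachable")
```

A production iACL would also permit required control-plane traffic (for example, routing sessions from known peers) ahead of the deny entries; that part is omitted here.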