North American Network Operators Group


Re: NOC servers with public/private ip address

  • From: Arman Khalili
  • Date: Tue Aug 14 18:09:59 2001

If you can afford extra links for your backdoor connections, setting up a
private-IP-address-based NOC with direct interconnection to all nodes is
more secure.
You can turn off telnet/ssh access to the routers from outside and only
allow the private addresses to connect directly to your router(s).  The
drawback is you can't directly connect to them from outside anymore, but you
could set up a gateway PC/firewall for this purpose.

I wouldn't worry about having private addresses in the routing tables as
long as you don't advertise them.

Make sure you also set up localloop IP addresses for each router such that
router connections are not based on any physical link.  This would also make
load sharing across multiple same paths a lot easier.

ak

----- Original Message -----
From: "Wojtek Zlobicki" <[email protected]>
To: <[email protected]>
Sent: Tuesday, August 14, 2001 2:56 PM
Subject: Re: NOC servers with public/private ip address


>
> > Although I am almost religious that
> > internet routers should NEVER have private address in the routing table
>
> That isn't quite correct.  Internet routers should never "advertise"
> private IP blocks to the global Internet, I've never heard of anyone
> stating that they should not have them in their routing table.  I've
> worked in a few NOCs in my short life and the NOC has always been on an
> isolated private subnet.
> Access to critical hardware was only allowed from behind that subnet.
>
> Private addressing adds an extra layer of security as well as saving
> valuable IP space.
>
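
An added example, not part of the original thread: a small Python audit of the two rules discussed above, namely that private (RFC 1918) blocks are never advertised externally and that router management access is permitted only from private NOC addresses. The prefix lists, function names and finding labels are constructed for illustration, and the check is IPv4 only.

```python
import ipaddress

# RFC 1918 private address blocks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(prefix):
    """True only if the whole prefix sits inside one RFC 1918 block."""
    net = ipaddress.ip_network(prefix, strict=False)
    return any(net.subnet_of(p) for p in RFC1918)

def leaks_private(prefix):
    """True if an advertised prefix covers any private space.

    A default route (prefix length 0) is not counted as a leak; any other
    prefix that overlaps RFC 1918 space, including an aggregate, is.
    """
    net = ipaddress.ip_network(prefix, strict=False)
    return net.prefixlen > 0 and any(net.overlaps(p) for p in RFC1918)

def audit(advertised, mgmt_sources):
    """Return (finding, prefix) tuples for both rules, in input order."""
    findings = []
    for prefix in advertised:
        if leaks_private(prefix):
            findings.append(("advertised-private", prefix))
    for src in mgmt_sources:
        # telnet/ssh to the routers should be reachable from private
        # NOC addresses only, so any other permitted source is reported.
        if not is_private(src):
            findings.append(("mgmt-from-public", src))
    return findings

# Constructed sample data: prefixes announced to external peers, and the
# sources permitted to open telnet/ssh sessions to the routers.
ADVERTISED = ["198.51.100.0/24", "10.20.0.0/16", "203.0.113.0/24"]
MGMT_SOURCES = ["10.255.0.0/24", "0.0.0.0/0", "192.0.2.10/32"]

if __name__ == "__main__":
    for finding, prefix in audit(ADVERTISED, MGMT_SOURCES):
        print(f"{finding}: {prefix}")
```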