North American Network Operators Group

Re: NOC servers with public/private ip address
On Wed, 15 Aug 2001 10:40:12 EDT, "Christopher A. Woodfield" said:

> If you're talking about assigning RFC1918 space to router interfaces that
> transit traffic, a la @home, keep in mind that this can break PMTU-D, and
> makes for messy (and slow) traceroutes when external hosts try to resolve
> unresolvable reverse DNS entries.
>
> If you're talking about giving the workstations in your
> NOC private IP addresses, using NAT to access your core routers, I see no
> more a problem with that than I do with people using home DSL routers that
> utilize NAT.

There are those who would say using a NAT on a DSL router is evil. ;)

A better solution would be to have your NOC, your status monitoring systems, your routers, your switches - all connected to a private subnet without using NAT. The LAST thing you want in the middle of a crisis is trying to debug a NAT problem ;)

Whether to number your management network with a /24 out of RFC1918 space, or a /2something out of your own address space, and how heavily firewalled/isolated to make it, will depend on your paranoia level and how it balances against ease-of-use concerns - if you have a fully isolated management net, it's more secure, but a bitch to fix things from home ;)

--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech