North American Network Operators Group

RE: routing between provider edge and CPE routers

> So, by accepting routes from CPE you create a huge security vulnerability
> for your customers, and other parties. This practice was understood as a
> very bad network engineering for decades.

Is there someplace I can find tidbits of information like this? I haven't been alive decades so I must have missed that memo. Other than this list I don't know where to find anyone with lots of experience working for a service provider.

> 1) for single-homed sites use static routing, period. Dynamic routing
> does not add anything useful in this case (if circuit is down, it's down,
> there are no alternative ways to reach the customer's network).

I agree, and all the feedback I've gotten should help me convince my peers.

> The "convenience" of having to configure only CPE box is no excuse. Invest
> some resources in a rather trivial configuration management system, which
> keeps track of what network addresses were allocated to which customer,
> and produces corresponding bits of router configuration automatically.
> Most respectable ISPs did that long time ago. That will also reduce your
> tech support costs.

I've never heard of software like that. Do you have a recommended vendor? Is it typically developed in house?

> PS. They should really require a test in "defensive networking" before
> letting anyone to touch provider's routers...

What can I say, I must work cheap!
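
The configuration management approach described in the quoted advice above, sketched as an added example that is not part of the original message: a table of customer address allocations is validated and turned into static routes for the provider edge router. The record layout, customer names, interface names and documentation-range addresses are constructed, and the Cisco IOS-style `ip route` output syntax is an assumption about the target platform.

```python
import ipaddress

# Constructed sample allocation records: one entry per single-homed customer.
ALLOCATIONS = [
    {"customer": "acme", "interface": "Serial0/0", "next_hop": "192.0.2.2",
     "prefixes": ["198.51.100.0/25"]},
    {"customer": "globex", "interface": "Serial0/1", "next_hop": "192.0.2.6",
     "prefixes": ["198.51.100.128/26", "203.0.113.0/24"]},
]


def validate(allocations):
    """Reject malformed prefixes and any overlap between allocated prefixes."""
    seen = []
    for rec in allocations:
        ipaddress.ip_address(rec["next_hop"])  # raises ValueError if malformed
        for text in rec["prefixes"]:
            # strict=True raises ValueError when host bits are set (e.g. .1/25)
            net = ipaddress.ip_network(text, strict=True)
            for other, owner in seen:
                if net.overlaps(other):
                    raise ValueError(
                        f"{net} ({rec['customer']}) overlaps {other} ({owner})")
            seen.append((net, rec["customer"]))
    return seen


def render_static_routes(allocations):
    """Return PE router config lines; nothing is learned from the CPE."""
    validate(allocations)
    lines = []
    for rec in allocations:
        lines.append(f"! customer {rec['customer']}")
        for text in rec["prefixes"]:
            net = ipaddress.ip_network(text)
            lines.append(
                f"ip route {net.network_address} {net.netmask} "
                f"{rec['interface']} {rec['next_hop']} name {rec['customer']}")
    return lines


if __name__ == "__main__":
    print("\n".join(render_static_routes(ALLOCATIONS)))
```

Because the routes come only from the provider's own allocation records, a misconfigured or compromised CPE has no way to announce someone else's prefix into the provider network.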