How to choose IPv6 addresses for customer links?
Steve Bertrand
steve at ibctech.ca
Wed Feb 4 17:49:37 CET 2009
Dan White wrote:
> Gert Doering wrote:
>> Hi,
>>
>> On Sun, Feb 01, 2009 at 09:51:11PM -0600, Dan White wrote:
>>
>>> What is the benefit of using BGP in a scenario like this (ethernet
>>> link to customer)? Would OSPF6 or RIPNG make more sense since
>>> shouldn't need to know their address?
>>>
>>
>> Control.
>>
>> With BGP, you can easily filter which routes you are going to accept
>> from your customer - even if it's a bit more tedious to set up.
>>
>> With OSPF, the customer can just inject you funny things like "hey,
>> give all packets to google's IPv6 address to me"...
>>
>> Even if you know that your customers do not have any malicious intent,
>> mistakes and typos happen.
>>
>> Gert Doering
>> -- NetMaster
>>
>
> I would think that I could filter ospf6/ripng advertisements based on
> which interface (customer) i'm receiving them from.
>
> I just need to set this up in a lab and learn from experience.
I absolutely, totally agree with the 'lab-it-up' and learn from
experience statement.
RIP/OSPF are not scalable for containing all routes within even a small
size network. It is also not designed with security in mind. You could
do all sorts of ACL's and other trickery to prevent
malicious/accidentally mis-configured hosts from messing things up, but
BGP generally does this inherently.
As Gert stated, BGP is about control. You can do all manner of route
management/manipulation from within the protocol itself. You can go as
far as to allow your customers to manipulate their own routes on your
routers, without the fear of them causing you issues.
Definitely lab it up... but then do some research on BGP in general,
eBGP and how/what it is for, and then iBGP over OSPF-carried loopbacks
(vs. static routes) for within your own network.
Cheers,
Steve
More information about the ipv6-ops
mailing list