[21368] in North American Network Operators' Group
Re: ARIN?
daemon@ATHENA.MIT.EDU (Mike Pistone)
Thu Nov 12 15:02:06 1998
Date: Thu, 12 Nov 1998 09:47:12 -0500
To: Jeff Mcadams <jeffm@iglou.com>
From: Mike Pistone <pistone@eurekanet.com>
Cc: nanog@merit.edu
In-Reply-To: <E0zdKVN-0000qb-00@iglou.com>
Although I am almost NEVER one to recommend a Microsoft product BUT MS
Proxy server is actually a very nice product. You can assign a /29 or /30
(I usually give them a /29 since I assign /29's to home dsl connections and
I have the network already subnetted). On the other side of the proxy you
can use private IP's and it will do the translation automaticly or you can
use IPX/SPX and it will automaticly function as a IPX to IP gateway. I
don't think there is a proxy client for Unix (any flavor of unix) but they
do have W95/98, W31 and mac.
My only concerns would be how it would scale to large networks. It has the
ability to function as a daisy-chained proxy server farm where each one
shares the load but I don't have any experience with this setup.
It also has access control (user a can only browse these web sites, user B
can only telnet and ftp, no web...) and very detailed logging of users
traffic. Both of these features I find sort of "unethical" (wrong word but
you know what I mean) but in a corporate enviroment they require them.
-Mike
At 03:35 PM 11/10/98 -0500, you wrote:
>Thus spake Owen DeLong
>>I think this misses the point. ARIN doesn't require or want you to SWIP
>>your /30 and /32 allocations. A network that small just doesn't require
>>that level of public contact visibility.
>
>I think you missed his point though....with NAT/PAT technology.../30 and
>/32's from ISP's can indeed provide a whole corporate network with
>access (small corporate...not exactly Fortune 500 here, but you get the
>idea)...I second his point on this. We've got quite a few customers
>that are feeding whole networks with /32's...even providing web servers
>and mail servers via these NAT/PAT boxes that are available now. Just
>stating that the network only has one or two Internet available IP
>addresses and therefore its too small to be of significance is
>short-sighted at best. Many of these /32's for us have their own web
>administration, mail administration, and other local administration of
>many of their services. They use a single IP as almost an inherent
>firewall. Indeed, I have one customer that uses one of the NAT/PAT
>boxes to actually not have IP on their internal network at *ALL*. The
>box converts the TCP/IP to IPX/SPX...bizarre, but it works well for
>them. Anyway, they run their own mail server on this setup, and we do
>very little administrative functioning for them...DNS is it in this
>case.
>
>>As you've pointed out, you'll
>>be doing most of the things that matter (from a contact perspective)
>>for those customers. As such, it makes sense to use your larger block
>>contact information instead of SWIPing such small networks. In fact,
>>I'd rather see ARIN move the SWIP requirement back to /26 or so.
>
>Put my vote in for allowing up to /32's.
>--
>Jeff McAdams Email: jeffm@iglou.com
>Head Network Administrator Voice: (502) 966-3848
>IgLou Internet Services (800) 436-4456
>
>
-------------------------------------------------------------
Mike Pistone pistone@eurekanet.com
Systems/Network Administrator ph 614.593-5052
Eureka Networks, Ltd. fx 614.594-3632
