[64623] in North American Network Operators' Group


Re: [arin-announce] IPv4 Address Space (fwd)

daemon@ATHENA.MIT.EDU (Leo Bicknell)
Wed Oct 29 11:47:51 2003

Date: Wed, 29 Oct 2003 11:45:52 -0500
From: Leo Bicknell <bicknell@ufp.org>
To: "Email List: nanog" <nanog@nanog.org>
Mail-Followup-To: "Email List: nanog" <nanog@nanog.org>
In-Reply-To: <DDA33D0260634241B611579903A1741608A9B746@01al10015010045.ad.bls.com>
Errors-To: owner-nanog-outgoing@merit.edu




In a message written on Wed, Oct 29, 2003 at 09:35:13AM -0600, Kuhtz, Christian wrote:
> Simply ignoring present reality isn't a globally wise solution.  Hence we
> have broken VPN products incapable of dealing with NAT.  Some are capable of
> dealing with NAT just fine, and are readily available.  Enough said.

The danger here isn't that it can be made to work, but that as
network operators we are driving application vendors to a very
dangerous lowest common denominator.

The VPN people have already figured out:

  A) The technology must run over a TCP connection that encodes no
     local endpoint information so it can pass through NAT.

  B) The technology must be able to run on TCP port 80 to bypass
     overly restrictive filters.

Other applications are doing the same.  Many of the file sharing
services can already meet both of these points.

The end result is that in the near future it will be much harder,
or impossible for network operators to collect statistics based on
traffic type or to filter particular types of traffic without being
able to dig into the payload itself and see what type of traffic
is passing.

Some people see this as a problem, some do not.

-- 
       Leo Bicknell - bicknell@ufp.org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/
Read TMBG List - tmbg-list-request@tmbg.org, www.tmbg.org
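
The measurement problem described in the message above, as an added example that is not part of the original post: when applications tunnel over TCP port 80, a per-port traffic report counts them all as HTTP, and only a look at the payload separates them. The flow records, field names and byte counts are constructed for illustration.

```python
from collections import Counter

# Port-to-application table of the kind used for per-service statistics.
PORT_LABELS = {22: "ssh", 25: "smtp", 53: "dns", 80: "http", 443: "https"}
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"OPTIONS ")

def classify_by_port(flow):
    """Label a flow from its destination port alone."""
    return PORT_LABELS.get(flow["dport"], "other")

def classify_by_payload(flow):
    """Label a flow from the first bytes the client sent."""
    data = flow["first_bytes"]
    if data.startswith(HTTP_METHODS):
        return "http"
    if data.startswith(b"SSH-"):
        return "ssh"
    # TLS record header: content type 0x16 (handshake), major version 0x03.
    if len(data) >= 2 and data[0] == 0x16 and data[1] == 0x03:
        return "tls"
    return "unknown"  # opaque or encrypted: payload inspection also runs out

def byte_totals(flows, classifier):
    """Sum bytes per label, as a traffic-type report would."""
    totals = Counter()
    for flow in flows:
        totals[classifier(flow)] += flow["bytes"]
    return totals

def port80_non_http_share(flows):
    """Fraction of TCP/80 bytes whose payload is not HTTP."""
    on_80 = [f for f in flows if f["dport"] == 80]
    total = sum(f["bytes"] for f in on_80)
    hidden = sum(f["bytes"] for f in on_80 if classify_by_payload(f) != "http")
    return hidden / total if total else 0.0

# Constructed sample flows (not captured traffic).
FLOWS = [
    {"dport": 80, "bytes": 1200, "first_bytes": b"GET / HTTP/1.1\r\nHost: example.org\r\n"},
    {"dport": 80, "bytes": 50000, "first_bytes": b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4"},
    {"dport": 80, "bytes": 30000, "first_bytes": b"\x8f\x02\x11\xa4\x90\x3c\x77"},
    {"dport": 22, "bytes": 800, "first_bytes": b"SSH-2.0-example\r\n"},
]

if __name__ == "__main__":
    print("by port:   ", dict(byte_totals(FLOWS, classify_by_port)))
    print("by payload:", dict(byte_totals(FLOWS, classify_by_payload)))
    print("non-HTTP share of port 80: %.1f%%" % (100 * port80_non_http_share(FLOWS)))
```

Even the payload view ends at "tls" or "unknown" for the tunnelled flows: it shows that the traffic is not HTTP, not what it is.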

