[94446] in North American Network Operators' Group
Re: Google wants to be your Internet
daemon@ATHENA.MIT.EDU (Roland Dobbins)
Mon Jan 22 14:12:13 2007
In-Reply-To: <45B50748.5040608@spaghetti.zurich.ibm.com>
From: Roland Dobbins <rdobbins@cisco.com>
Date: Mon, 22 Jan 2007 11:00:40 -0800
To: NANOG <nanog@merit.edu>
On Jan 22, 2007, at 10:49 AM, Jeroen Massar wrote:
> But which address space do you put in the network behind the VPN?
>
> RFC1918!? Oh, already using that on the DSL link to where you are
> VPN'ing in from..... oopsy ;)
Actually, NBD, because you can handle that with a VPN client which
does a virtual adaptor-type of deal and overlapping address space
doesn't matter, because once you're in the tunnel, you're not sending/
receiving outside of the tunnel. Port-forwarding and NAT (ugly, but
people do it) can apply, too.
>
> That is the case for globally unique addresses and the reason why banks
> that use RFC1918 don't like it when they need to merge etc etc etc...
Sure, and then you get into double-NATting and who redistributes what
routes into whose IGP and all that kind of jazz (it's a big problem
on extranet-type connections, too). To be clear, all I was saying is
that the subsidiary point that there are things which don't belong on
the global Internet is a valid one, and entirely separate from any
discussions of universal uniqueness in terms of address-space, as
there are (ugly, non-scalable, brittle, but available) ways to work
around such problems, in many cases.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins@cisco.com> // 408.527.6376 voice
Technology is legislation.
-- Karl Schroeder
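
The NAT workaround for overlapping RFC1918 space discussed in the message above, sketched as an added example that is not part of the original post: it finds the prefixes that collide between two sites and plans a 1:1 (host-bits-preserving) alias for each colliding prefix. The site prefixes, the alias pool and the function names are all constructed for illustration.

```python
import ipaddress as ip

# Constructed sample data: two networks that must interconnect (merger, extranet).
SITE_A = [ip.ip_network(n) for n in ("192.168.1.0/24", "10.0.0.0/16")]
SITE_B = [ip.ip_network(n) for n in ("192.168.1.0/24", "10.0.8.0/22", "172.16.5.0/24")]
POOL = ip.ip_network("172.16.0.0/12")  # assumed range to carve alias prefixes from

def overlaps(site_a, site_b):
    """Return (a, b) pairs of prefixes that collide between the two sites."""
    return [(a, b) for a in site_a for b in site_b if a.overlaps(b)]

def plan_netmap(site_a, site_b, pool):
    """For each site-B prefix colliding with site A, choose a same-size alias
    prefix from `pool` that overlaps neither site nor an earlier alias."""
    used = list(site_a) + list(site_b)
    plan = {}
    for real in sorted({b for _, b in overlaps(site_a, site_b)}):
        for cand in pool.subnets(new_prefix=real.prefixlen):
            if not any(cand.overlaps(u) for u in used):
                plan[real] = cand
                used.append(cand)
                break
        else:
            raise ValueError(f"no free alias for {real} in {pool}")
    return plan

def translate(addr, plan):
    """Map a real site-B address to the alias site A would see (1:1 NAT).
    Addresses outside the colliding prefixes are returned unchanged."""
    addr = ip.ip_address(addr)
    for real, alias in plan.items():
        if addr in real:
            offset = int(addr) - int(real.network_address)
            return alias.network_address + offset
    return addr

if __name__ == "__main__":
    plan = plan_netmap(SITE_A, SITE_B, POOL)
    for real, alias in plan.items():
        print(f"site B {real} is presented to site A as {alias}")
    for host in ("192.168.1.37", "10.0.9.5", "172.16.5.9"):
        print(host, "->", translate(host, plan))
```

Every alias consumed this way is address space that neither side can use later, and each translation is state that both sides' routing and firewall rules have to agree on.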