Whoa; the 3 network?

Howard C. Berkowitz hcb at clark.net
Wed Dec 24 15:12:36 UTC 1997

>> Right, but since each border router off of the public Internet can't
>> advertise anything smaller than /24 (would *your* router accept an
>> advertisement for, each seperate office needs at least a /24.
>> Yeah, NAT can take care of the internal addressing, but you're still stuck
>> with the fact that you "only" can have 256 seperate border routers.
>Well, figure that there is going to be some level of proxy service
>going on for those who do access web pages and whatnot so its unlikely
>that there would be less than a class C used at each location in
>actuallity. Plus figure that the only thing that needs to be visible
>is the /30 allocated from the upstream for the link, technically,
>there doesn't need to be *any* public addresses in an office.
>Not to discount valid use of addresses, simply pointing out that if
>one wanted to restrict themselves, its quite possible. I doubt anyone
>would want to put themselves through this in the real game, but...

I think this still has operational content, because justifying address
space is a reasonably day-to-day real-world requirement.  Perhaps PAGAN
might be more appropriate, but it seems to have gone into intergalactic

We have been making an assumption about being able to hold address space
behind address-translating gateways, be they full firewalls or NAT boxes.
At the IETF NAT meeting this month, Bob Moskowitz, among others, pointed
out this assumption runs counter to trends in large enterprises to use
end-to-end encrypted tunnels.  If the firewall, etc., is not trusted with
the cryptosystem, then it can't do address translation involving such
things as TCP checksums.

Widespread deployment of IPsec, as I understand it, is likely to increase
greatly the need for public address space.

More information about the NANOG mailing list