[arin-announce] IPv4 Address Space (fwd)
Leo Bicknell
bicknell at ufp.org
Wed Oct 29 16:45:52 UTC 2003
In a message written on Wed, Oct 29, 2003 at 09:35:13AM -0600, Kuhtz, Christian wrote:
> Simply ignoring present reality isn't a globally wise solutions. Hence we
> have broken VPN products incapable of dealing with NAT. Some are capable of
> dealing with NAT just fine, and are readily available. Enough said.
The danger here isn't that it can be made to work, but that as
network operators we are driving application vendors to a very
dangerous lowest common denominator.
The VPN people have already figured out:
A) The technology must run over a TCP connection that encodes no
local endpoint information so it can pass through NAT.
B) The technology must be able to run on TCP port 80 to bypass
overly restrictive filters.
Other applications are doing the same. Many of the file sharing
services can already meet both of these points.
The end result is that in the near future it will be much harder,
or impossible for network operators to collect statistics based on
traffic type or to filter particular types of traffic without being
able to dig into the payload itself and see what type of traffic
is passing.
Some people see this as a problem, some do not.
--
Leo Bicknell - bicknell at ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20031029/88c047c9/attachment.sig>
More information about the NANOG
mailing list