Google wants to be your Internet

Roland Dobbins rdobbins at cisco.com
Mon Jan 22 19:00:40 UTC 2007


On Jan 22, 2007, at 10:49 AM, Jeroen Massar wrote:

> But which address space do you put in the network behind the VPN?
>
> RFC1918!? Oh, already using that on the DSL link to where you are
> VPN'ing in from..... oopsy ;)

Actually, NBD, because you can handle that with a VPN client which
does a virtual adaptor-type of deal and overlapping address space
doesn't matter, because once you're in the tunnel, you're not
sending/receiving outside of the tunnel.  Port-forwarding and NAT (ugly,
but people do it) can apply, too.

> That is the case for globally unique addresses and the reason why banks
> that use RFC1918 don't like it when they need to merge etc etc etc...

Sure, and then you get into double-NATting and who redistributes what
routes into whose IGP and all that kind of jazz (it's a big problem
on extranet-type connections, too).  To be clear, all I was saying is
that the subsidiary point that there are things which don't belong on
the global Internet is a valid one, and entirely separate from any
discussions of universal uniqueness in terms of address-space, as
there are (ugly, non-scalable, brittle, but available) ways to work
around such problems, in many cases.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at cisco.com> // 408.527.6376 voice

                     Technology is legislation.

                         -- Karl Schroeder
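
An added example, not part of the original message or thread: a Python sketch that finds where two address plans collide, which is the inventory step before any of the NAT or renumbering workarounds discussed above. All prefixes and names (`CLIENT_LAN`, `VPN_ROUTES`, `BANK_A`, `BANK_B`) are constructed sample values.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def rfc1918_block(net):
    """Return the RFC 1918 block that contains net, or None if it is not private IPv4 space."""
    if net.version != 4:
        return None
    return next((b for b in RFC1918 if net.subnet_of(b)), None)


def find_overlaps(plan_a, plan_b):
    """Compare two address plans; return one dict per colliding prefix pair."""
    hits = []
    for a in map(ipaddress.ip_network, plan_a):
        for b in map(ipaddress.ip_network, plan_b):
            if a.version != b.version or not a.overlaps(b):
                continue
            # CIDR prefixes only overlap by containment, so the more
            # specific prefix is exactly the contested range.
            contested = a if a.subnet_of(b) else b
            hits.append({
                "a": str(a),
                "b": str(b),
                "contested": str(contested),
                "addresses": contested.num_addresses,
                "private": rfc1918_block(contested) is not None,
            })
    return hits


# Constructed sample plans (not from the thread).
CLIENT_LAN = ["192.168.1.0/24"]                       # home DSL side
VPN_ROUTES = ["10.0.0.0/8", "192.168.0.0/22"]         # networks behind the VPN
BANK_A = ["10.0.0.0/8", "172.16.0.0/16", "198.51.100.0/24"]
BANK_B = ["10.20.0.0/16", "172.16.5.0/24", "192.168.10.0/24"]

if __name__ == "__main__":
    for label, x, y in (("client vs VPN", CLIENT_LAN, VPN_ROUTES),
                        ("bank A vs bank B", BANK_A, BANK_B)):
        for h in find_overlaps(x, y):
            print(f"{label}: {h['a']} <-> {h['b']} contested {h['contested']} "
                  f"({h['addresses']} addresses, RFC1918={h['private']})")
```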






