Google wants to be your Internet
Roland Dobbins
rdobbins at cisco.com
Mon Jan 22 19:00:40 UTC 2007
On Jan 22, 2007, at 10:49 AM, Jeroen Massar wrote:
> But which address space do you put in the network behind the VPN?
>
> RFC1918!? Oh, already using that on the DSL link to where you are
> VPN'ing in from..... oopsy ;)
Actually, NBD, because you can handle that with a VPN client which
does a virtual adaptor-type of deal and overlapping address space
doesn't matter, because once you're in the tunnel, you're not sending/
receiving outside of the tunnel. Port-forwarding and NAT (ugly, but
people do it) can apply, too.
>
> That is the case for globally unique addresses and the reason why
> banks
> that use RFC1918 don't like it when they need to merge etc etc etc...
Sure, and then you get into double-NATting and who redistributes what
routes into who's IGP and all that kind of jazz (it's a big problem
on extranet-type connections, too). To be clear, all I was saying is
that the subsidiary point that there are things which don't belong on
the global Internet is a valid one, and entirely separate from any
discussions of universal uniqueness in terms of address-space, as
there are (ugly, non-scalable, brittle, but available) ways to work
around such problems, in many cases.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at cisco.com> // 408.527.6376 voice
Technology is legislation.
-- Karl Schroeder
More information about the NANOG
mailing list