On 12/2/11 13:31 , Warren Kumari wrote:
>
> On Dec 2, 2011, at 1:51 PM, Joel jaeggli wrote:
>
>> On 12/2/11 09:59 , Michael Richardson wrote:
>>>
>>>> Ted, your response does not address what I said at all. Not
>>>> one bit. Let's assume that *every* enterprise used every
>>>> last address of 172.16/12 (and, for that matter every bit of
>>>> 1918 space). That's irrelevant and still does not address my
>>>> question. The question is whether these addresses are used
>>>> BY EQUIPMENT THAT CAN'T NAT TO IDENTICAL ADDRESSES ON THE
>>>> EXTERIOR INTERFACE. I am happy to accept an answer of, "Yes,
>>>> all 1918 address space is used by such equipment", but
>>>> nobody, including you, has actually said that.
>>>
>>> one reason enterprises use 172.16/12 for stuff is because that way,
>>> when their VPNs come up with people's residences, they do not immediately
>>> conflict with the LAN at the home/coffee shop, etc.
>>
>> realistically a sufficiently large enterprise uses all of rfc 1918 in
>> one form or another...
>
> But (also realistically) a "sufficiently large enterprise" that uses all of RFC1918 is not going to be sitting behind a CGN...

its employees are probably sitting behind many of them, but no its ip/ssl-vpn termination platform is not.

> W
>
>> you're counting on to some extent the more
>> specific route associated with the subnet leaving the covering vpn route
>> unclobbered. sometimes however heroic work-arounds are required.
>>
>> _______________________________________________
>> Ietf mailing list
>> Ietf@xxxxxxxx
>> https://www.ietf.org/mailman/listinfo/ietf
>>
>