>>>>> "Pete" == Pete Resnick <presnick@xxxxxxxxxxxx> writes:
>> For RFC 1918 space, the problem with picking it isn't so much
>> that the ISP can't pick one that consumer NATs don't use - it's
>> that they can't pick one that no Enterprise on a*different* ISP
>> uses. For example, assume my employer used 10.64.0.0/10 (they
>> probably do somewhere), and connected to ISP-A. I connect to
>> ISP-B using a 3GPP laptop-card, and get the same 10.64.0.0/10
>> address space. I now cannot use a VPN to my employer, because of
>> the resulting conflict in the routing table in my laptop. But
>> there's nothing I nor my*ISP-B* can do about this, because my
>> employer has been using that address for a long time
>> (legitimately) and is connected to*ISP-A*.
Pete> Doesn't this same problem exist if I'm currently attached to a
Pete> CPE NAT that provides me with a 10.64.0.0/10 address and my
Pete> VPN uses the same space? Are you saying that VPN software does
Pete> not already deal with this?
It's not an easily solved problem, particularly if the VPN software is
not provided by the creator of the TCP/IP stack. Even when it is
solved, it's still a horrible hack.
Most NAT boxes are routers that twiddle addresses. They are not double
stack application gateways.
--
] He who is tired of Weird Al is tired of life! | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr@xxxxxxxxxxxxxxxxxxxxxx http://www.sandelman.ottawa.on.ca/ |device driver[
Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE>
then sign the petition.
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf