>>>>> "Mark" == Mark Andrews <marka@xxxxxxx> writes:

    Mark> This is not an ISP/CUSTOMER problem.  This is an
    Mark> ISP/CUSTOMER/WORK problem.

    Mark> You have the ISP using 172.16/12
    Mark> You have the customer using 192.168/16 or 10/8
    Mark> You have WORK using 172.16/12

    Mark> Enterprises have chosen to use 172.16/12 for EXACTLY the same
    Mark> reasons you want ISP to use 172.16/12.  CPE equipment doesn't
    Mark> default to that range.  Both the enterprise and the ISP don't
    Mark> want to clash with the employee/customer.

It's not in general a problem unless the tunnel to work is terminated
on the CPE device itself.

For the normal case, the *DESKTOP/LAPTOP* terminates the VPN, and so it
sees CUSTOMER and WORK prefixes, while the CPE device sees CUSTOMER and
ISP prefixes.  WORK sees WORK and Public-IP prefixes.

In the case where the VPN is terminated on the CPE device, I claim
three things:

a) customer/WORK is sophisticated and can communicate about the problem.
b) the CPE device already has a public IP on the outside, the ISP
   should not renumber it.
c) the CPE device can be given a host route for its default gateway,
   and it has no reason to talk to any other host in the ISP's CGN
   network anyway.

(Openswan installs a host route via the old default route for ESP
traffic, and a pair of 0.0.0.0/1 and 128.0.0.0/1 routes through the
tunnel if you are extruding.  This avoids removing the default
route...)

-- 
]       He who is tired of Weird Al is tired of life!           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@xxxxxxxxxxxxxxxxxxxxxx http://www.sandelman.ottawa.on.ca/ |device driver[
   Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE>
                       then sign the petition.
_______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf
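
The routing behaviour described in the message above, modelled as a longest-prefix-match lookup. This is an added example, not part of the original message and not Openswan code; the gateway address, VPN peer address, LAN prefix and the interface names `wan`, `lan` and `ipsec0` are constructed for illustration.

```python
import ipaddress

# Constructed values (not from the message): the ISP's CGN-side default
# gateway inside 172.16/12, and the public address of the WORK VPN gateway.
ISP_GW = "172.16.0.1"
VPN_PEER = "203.0.113.10"


def route(prefix, via, dev):
    """One routing-table entry: (network, next hop or None if on-link, device)."""
    return (ipaddress.ip_network(prefix), via, dev)


def cpe_table(extrude):
    """Routing table of a CPE that terminates the VPN itself.

    extrude=True  : all traffic goes through the tunnel (the /1 pair).
    extrude=False : only the WORK prefix 172.16/12 goes through the tunnel.
    """
    table = [
        route("0.0.0.0/0", ISP_GW, "wan"),        # old default route, left in place
        route(f"{ISP_GW}/32", None, "wan"),       # host route for the default gateway
        route("192.168.1.0/24", None, "lan"),     # CUSTOMER LAN
        route(f"{VPN_PEER}/32", ISP_GW, "wan"),   # ESP traffic via the old default
    ]
    if extrude:
        # Two /1 routes cover all of IPv4 and beat the /0 on prefix length,
        # so the default route never has to be removed.
        table += [route("0.0.0.0/1", None, "ipsec0"),
                  route("128.0.0.0/1", None, "ipsec0")]
    else:
        table.append(route("172.16.0.0/12", None, "ipsec0"))  # WORK prefix
    return table


def egress(table, dst):
    """Return the device chosen for dst by longest-prefix match."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r[0]]
    if not matches:
        raise LookupError(f"no route to {dst}")
    return max(matches, key=lambda r: r[0].prefixlen)[2]


if __name__ == "__main__":
    for extrude in (False, True):
        table = cpe_table(extrude)
        for dst in ("172.16.5.5", ISP_GW, "172.16.0.2", VPN_PEER, "198.51.100.7"):
            print(f"extrude={extrude!s:5} {dst:15} -> {egress(table, dst)}")
```

In both modes the only address inside the ISP's 172.16/12 that still leaves via `wan` is the gateway's host route; every other 172.16/12 destination is treated as WORK, which is point (c) of the message.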