Merit Network

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group


Re: Whoa; the 3 network?

  • From: Howard C. Berkowitz
  • Date: Wed Dec 24 10:55:47 1997

>> Right, but since each border router off of the public Internet can't
>> advertise anything smaller than /24 (would *your* router accept an
>> advertisement for 3.0.0.0/27?), each separate office needs at least a /24.
>> Yeah, NAT can take care of the internal addressing, but you're still stuck
>> with the fact that you "only" can have 256 separate border routers.
>
>Well, figure that there is going to be some level of proxy service
>going on for those who do access web pages and whatnot so it's unlikely
>that there would be less than a class C used at each location in
>actuality. Plus figure that the only thing that needs to be visible
>is the /30 allocated from the upstream for the link, technically,
>there doesn't need to be *any* public addresses in an office.
>
>Not to discount valid use of addresses, simply pointing out that if
>one wanted to restrict themselves, it's quite possible. I doubt anyone
>would want to put themselves through this in the real game, but...
>

I think this still has operational content, because justifying address
space is a reasonably day-to-day real-world requirement.  Perhaps PAGAN
might be more appropriate, but it seems to have gone into intergalactic
space.

We have been making an assumption about being able to hold address space
behind address-translating gateways, be they full firewalls or NAT boxes.
At the IETF NAT meeting this month, Bob Moskowitz, among others, pointed
out this assumption runs counter to trends in large enterprises to use
end-to-end encrypted tunnels.  If the firewall, etc., is not trusted with
the cryptosystem, then it can't do address translation involving such
things as TCP checksums.

Widespread deployment of IPsec, as I understand it, is likely to increase
greatly the need for public address space.
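
The TCP checksum point in the message above, as an added example that is not part of the original post: the checksum covers a pseudo-header containing the source and destination addresses, so a translator that changes an address must also rewrite the checksum, which it cannot do when the TCP header is encrypted end to end. The addresses, ports, key and the XOR `toy_cipher` stand-in for the encryption are all constructed for illustration.

```python
import ipaddress
import struct

def ones_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by the Internet checksum (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def tcp_checksum(src: str, dst: str, segment: bytes) -> int:
    """Checksum over the pseudo-header (src, dst, protocol 6, length) plus segment."""
    pseudo = (ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed
              + struct.pack("!BBH", 0, 6, len(segment)))
    return ~ones_sum(pseudo + segment) & 0xFFFF

def set_checksum(src: str, dst: str, segment: bytes) -> bytes:
    """Zero bytes 16-17 of the TCP header, then store a checksum valid for src/dst."""
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]
    return zeroed[:16] + struct.pack("!H", tcp_checksum(src, dst, zeroed)) + zeroed[18:]

def verifies(src: str, dst: str, segment: bytes) -> bool:
    """Receiver check: summing a segment with a correct checksum yields zero."""
    return tcp_checksum(src, dst, segment) == 0

def toy_cipher(key: bytes, data: bytes) -> bytes:
    """Stand-in for end-to-end encryption (repeating XOR, NOT real cryptography)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def demo():
    # Constructed addresses: RFC 1918 inside host, RFC 5737 public and server.
    inside, public, server = "10.1.1.5", "192.0.2.1", "198.51.100.7"
    header = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    seg = set_checksum(inside, server, header + b"GET / HTTP/1.0\r\n\r\n")
    # Cleartext: the translator sees the TCP header and repairs the checksum.
    clear_ok = verifies(public, server, set_checksum(public, server, seg))
    # Encrypted: the translator sees only ciphertext and can change just the
    # outer source address; the endpoint decrypts the original checksum.
    key = b"known-to-endpoints-only"  # hypothetical key
    ciphertext = toy_cipher(key, seg)
    enc_ok = verifies(public, server, toy_cipher(key, ciphertext))
    return verifies(inside, server, seg), clear_ok, enc_ok

if __name__ == "__main__":
    print(demo())
```

The three results are: the untranslated segment verifies, the cleartext translated segment verifies after the checksum rewrite, and the encrypted translated segment fails verification at the receiver.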
