On 12/2/11 13:31 , Warren Kumari wrote:
On Dec 2, 2011, at 1:51 PM, Joel jaeggli wrote:
On 12/2/11 09:59 , Michael Richardson wrote:
Ted, your response does not address what I said at all. Not
one bit. Let's assume that *every* enterprise used every
last address of 172.16/12 (and, for that matter ever bit of
1918 space). That's irrelevant and still does not address my
question. The question is whether these addresses are used
BY EQUIPMENT THAT CAN'T NAT TO IDENTICAL ADDRESSES ON THE
EXTERIOR INTERFACE. I am happy to accept an answer of, "Yes,
all 1918 address space is used by such equipment", but
nobody, including you, has actually said that.
one reason enterprises use 172.16/12 for stuff is because that way,
when their VPNs come up with people's residents, they do not immediately
conflict with the LAN at the home/coffee shop, etc.
realistically a sufficiently large enterprise uses all of rfc 1918 in
one form or another...
But (also realistically) a "sufficiently large enterprise" that uses all of
RFC1918 is not going to be sitting behind a CGN...
it's employees are probably sitting behind many of them, but no it's
ip/ssl-vpn termination platform is not.
W
you're counting on to some extent the more
specific route associated with the subnet leaving the covering vpn route
unclobbered. sometimes however heroic work-arounds are required.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf