
Re: Consensus Call (Update): draft-weil-shared-transition-space-request

2011-12-08 14:04:07

"Mark" == Mark Andrews <marka(_at_)isc(_dot_)org> writes:
    Mark> This is not an ISP/CUSTOMER problem.  This is an
    Mark> ISP/CUSTOMER/WORK problem.

    Mark> You have the ISP using 172.16/12.
    Mark> You have the customer using 192.168/16 or 10/8.
    Mark> You have WORK using 172.16/12.

    Mark> Enterprises have chosen to use 172.16/12 for EXACTLY the same
    Mark> reasons you want ISP to use 172.16/12.  CPE equipment doesn't
    Mark> default to that range.  Both the enterprise and the ISP don't
    Mark> want to clash with the employee/customer.

It's not in general a problem unless the tunnel to work is terminated on
the CPE device itself.  For the normal case, the *DESKTOP/LAPTOP*
terminates the VPN, and so it sees CUSTOMER and WORK prefixes, while
CPE device sees CUSTOMER and ISP prefixes. WORK sees WORK and Public-IP
prefixes.

In the case where the VPN is terminated on the CPE device, I claim three
things: 
  a) customer/WORK is sophisticated and can communicate about the problem.
  b) the CPE device already has a public IP on the outside, the ISP
     should not renumber it.
  c) the CPE device can be given a host route for its default gateway,
     and it has no reason to talk to any other host in the ISP's CGN
     network anyway.

(Openswan installs a host route via the old default route for ESP
traffic, and a pair of 0.0.0.0/1 and 128.0.0.0/1 routes through the
tunnel if you are extruding.  This avoids removing the default route...)

-- 
]       He who is tired of Weird Al is tired of life!           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr(_at_)sandelman(_dot_)ottawa(_dot_)on(_dot_)ca http://www.sandelman.ottawa.on.ca/ |device driver[
   Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE>
                       then sign the petition. 
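
An added example, not part of the original message and not Openswan's code: a longest-prefix-match model of the routing table on a CPE that terminates the VPN. It shows how the host routes plus the 0.0.0.0/1 and 128.0.0.0/1 pair keep WORK's 172.16/12 traffic in the tunnel while the default route stays in place, and how a connected route for the ISP's 172.16/12 would capture that traffic instead. All addresses, interface names and next-hop strings are constructed assumptions.

```python
import ipaddress

def lookup(routes, dst):
    """Longest-prefix match: (prefix, next_hop) of the most specific route covering dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), hop) for p, hop in routes
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    net, hop = max(matches, key=lambda m: m[0].prefixlen)
    return str(net), hop

# Constructed scenario: ISP and WORK both number out of 172.16/12,
# the customer LAN is 192.168.1.0/24, WORK's VPN gateway is 203.0.113.10.
ISP_GW = "172.16.0.1"
VPN_GW = "203.0.113.10"

BEFORE = [
    ("0.0.0.0/0", "via " + ISP_GW),      # original default route, never removed
    (ISP_GW + "/32", "dev wan"),         # point c): host route to the gateway only
    ("192.168.1.0/24", "dev lan"),
]

def with_tunnel(routes, vpn_gw, old_default_hop):
    """Add the routes the message describes for a full-tunnel ("extruded") setup."""
    return routes + [
        (vpn_gw + "/32", old_default_hop),   # ESP to the VPN gateway stays outside
        ("0.0.0.0/1", "dev tunnel"),         # the two /1s together cover all of IPv4
        ("128.0.0.0/1", "dev tunnel"),       # and beat the /0 on prefix length
    ]

AFTER = with_tunnel(BEFORE, VPN_GW, "via " + ISP_GW)

# Contrast case: the CPE also holds a connected route for the ISP's whole range.
CLASH = AFTER + [("172.16.0.0/12", "dev wan")]

if __name__ == "__main__":
    for name, table in (("host-route only", AFTER), ("connected /12", CLASH)):
        print(name)
        for dst in ("172.16.5.5", "10.20.30.40", VPN_GW, ISP_GW, "192.168.1.20"):
            print("  %-15s -> %s" % (dst, lookup(table, dst)))
```
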
