On Jan 22, 2007, at 10:49 AM, Jeroen Massar wrote:
But which address space do you put in the network behind the VPN?
RFC1918!? Oh, already using that on the DSL link to where you are VPN'ing in from..... oopsy ;)
Actually, NBD, because you can handle that with a VPN client which does a virtual adaptor-type of deal and overlapping address space doesn't matter, because once you're in the tunnel, you're not sending/receiving outside of the tunnel. Port-forwarding and NAT (ugly, but people do it) can apply, too.
That is the case for globally unique addresses and the reason why banks that use RFC1918 don't like it when they need to merge etc etc etc...
Sure, and then you get into double-NATting and who redistributes what routes into whose IGP and all that kind of jazz (it's a big problem on extranet-type connections, too). To be clear, all I was saying is that the subsidiary point that there are things which don't belong on the global Internet is a valid one, and entirely separate from any discussions of universal uniqueness in terms of address-space, as there are (ugly, non-scalable, brittle, but available) ways to work around such problems, in many cases.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins@cisco.com> // 408.527.6376 voice

Technology is legislation.

-- Karl Schroeder