Imagine the scenario: customer calls ISP, "Hey, I can't connect to my work VPN through your connection." ISP: "Aha, you need our business service, not the $20/m home user service. Let me put you through to a business service salesperson who'll be happy to take your $50/m, then you'll be able to work from home."
-----Original Message-----
From: Crist J. Clark [mailto:crist.clark@attbi.com]
Sent: Wednesday, June 12, 2002 1:34 PM
To: Stephen Sprunk
Cc: nanog@merit.edu
Subject: Re: How many protocols...
Stephen Sprunk wrote,
Thus spake "Magnus Boden" <mb@ozaba.cx>
I wouldn't call it an isp if they only allowed tcp, udp and icmp. It should be all ip protocols.
There can be a maximum of 256 of them. The isp shouldn't care what the ipheader->protocol field is set to.
There is at least one ISP here in the US that filters protocol 50 (IPsec ESP). Does that mean they're really not an ISP?
If they are an ISP they are an aggressively clueless ISP. Why on Earth would you block ESP? Some strange marketing ploy to charge more to allow people to use VPNs? Ever heard of transport mode? Does it actually cost them more to move ESP packets than TCP/UDP/ICMP packets? Are they under some mistaken impression ESP would be a bandwidth hog? Do they block GRE (protocol 47)? Do they block Checkpoint's FWZ (protocol 94)? Or any of the other zillion VPN protocols (some of which ride over TCP and UDP too)?
Exactly which ISP does this? They deserve some public humiliation for doing something that breathtakingly stupid to their customers.
--
Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org