On Tue, 27 May 2003 05:03:31 -0700 todd glassey <todd.glassey@worldnet.att.net> wrote:
> What I don't understand is the need to stay 1:1 routable. Most all of you larger ISPs could have your own private IP Space by simply running a NAT'd infrastructure. Why not do it for all your customers?
umm, because there are protocols (like IPSec) which make end-to-end assumptions that are broken by NAT? yes, IPSec can be gotten through NAT, in some very specific cases, but i have a client who is 1) on ameritech DSL (/29 space allocated) and 2) requires a specific IPSec setup to communicate with one of their vendors, an IPSec configuration that won't pass through NAT. if Ameritech (the only viable DSL choice in their area) NATed, they'd be SOL, unable to communicate with their vendor.

richard
--
Richard Welty rwelty@averillpark.net
Averill Park Networking 518-573-7592
Unix, Linux, IP Network Engineering, Security