nanog mailing list archives

Re: [arin-announce] IPv4 Address Space (fwd)


From: Leo Bicknell <bicknell () ufp org>
Date: Wed, 29 Oct 2003 11:45:52 -0500

In a message written on Wed, Oct 29, 2003 at 09:35:13AM -0600, Kuhtz, Christian wrote:
> Simply ignoring present reality isn't a globally wise solution.  Hence we
> have broken VPN products incapable of dealing with NAT.  Some are capable of
> dealing with NAT just fine, and are readily available.  Enough said.

The danger here isn't that it can be made to work, but that as
network operators we are driving application vendors to a very
dangerous lowest common denominator.

The VPN people have already figured out:

  A) The technology must run over a TCP connection that encodes no
     local endpoint information so it can pass through NAT.

  B) The technology must be able to run on TCP port 80 to bypass
     overly restrictive filters.

Other applications are doing the same.  Many of the file sharing
services can already meet both of these points.

The end result is that in the near future it will be much harder,
or impossible, for network operators to collect statistics based on
traffic type or to filter particular types of traffic without being
able to dig into the payload itself and see what type of traffic
is passing.

Some people see this as a problem, some do not.

-- 
       Leo Bicknell - bicknell () ufp org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/
Read TMBG List - tmbg-list-request () tmbg org, www.tmbg.org
