Re: FTTH CPE landscape

[PC <paul4004 () gmail com>]

IPSEC Not so common.  At least it's easy enough for them to be the
initiator, in most cases, and IPSEC NAT-T works great.

Much more common application would include PC gamers, xbox live, remote
desktop, slingbox, windows home server, and torrents.

Granted, some of these support UPNP (if your router does too...), but others
simply do not do so as easily, or prefer a more static external access
solution.

On Thu, Aug 4, 2011 at 5:08 PM, Dan Armstrong <dan () beanfield com> wrote:

> On 2011-08-04, at 6:43 PM, Owen DeLong <owen () delong com> wrote:
>
> > On Aug 4, 2011, at 2:55 PM, Dan White wrote:
> >
> > > On 04/08/11 14:32 -0700, Owen DeLong wrote:
> > > > On Aug 4, 2011, at 2:08 PM, Jay Ashworth wrote:
> > > >
> > > > > ----- Original Message -----
> > > > > > From: "Owen DeLong" <owen () delong com>
> > > > >
> > > > > > On Aug 4, 2011, at 8:35 AM, Jay Ashworth wrote:
> > > > > >
> > > > > > > > - Generic consumer grade NAT/Firewall
> > > > > > >
> > > > > > > Hobby horse: please make sure it support bridge mode? Those of us
> who
> > > > > > > want to put our own routers on the wire will hate you otherwise.
> > > > > >
> > > > > > Why? As long as it can be a transparent router, why would it need to
> > > > > > be a bridge?
> > > > >
> > > > > Ask a Verizon FiOS customer who wants to run IPv4 VPNs.
> > > > >
> > > > > He didn't say IPv6 only, right?
> > > > >
> > > > > I have a couple of customers who can't get bridge mode on residence
> FiOS
> > > > > service, and therefore can't run their own routers to terminate IPsec.
> > > > If they could get routed static IPv4 rather than bridge, why wouldn't
> they
> > > > be able to terminate IPSec VPNs? Note I did say TRANSPARENT router.
> > > > That would mean no NAT and routed static IPv4.
> > >
> > > For residential use, for users currently requesting one public address,
> > > that's a waste of a /30 block (sans routing tricks requiring higher end
> > > customer equipment). Multiply that by the number of residential
> customers
> > > you have and that's bordering on mismanagement of your address space.
> > You say waste, I say perfectly valid use.
> >
> > > If you're dealing with business customers, then your usage versus wasted
> > > ratio is much higher and less of a concern, but what's the point? Are
> you
> > > trying to cut down on a large broadcast domain?
> > Why is it less of a waste to allocate a /30 to a business using a single
> public
> > IP than it is to a residence? This makes no sense to me.
> >
> > I simply prefer the additional troubleshooting and other capabilities
> given
> > to me in a routed environment in most cases.
> >
> > Owen
>
> Realistically, how many home Internet consumers terminate IPSec VPNs?
>
> It seems kind of silly to engineer a network around a tiny fraction of less
> than 1% of the population, doesn't it?