Date:      Mon, 12 Mar 2001 23:02:03 -0800
From:      "Ted Mittelstaedt" <tedm@toybox.placo.com>
To:        "Bob Van Valzah" <Bob@Talarian.Com>, "pW" <packetwhore@stargate.net>
Cc:        <FreeBSD-Security@FreeBSD.ORG>, <FreeBSD-Questions@FreeBSD.ORG>
Subject:   RE: Racoon Problem & Cisco Tunnel
Message-ID:  <000801c0ab8b$81d99ca0$1401a8c0@tedm.placo.com>
In-Reply-To: <3AACF40D.4080504@Talarian.Com>

>-----Original Message-----
>From: owner-freebsd-questions@FreeBSD.ORG
>[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Bob Van Valzah
>Sent: Monday, March 12, 2001 8:07 AM
>To: pW
>Cc: FreeBSD-Security@FreeBSD.ORG; FreeBSD-Questions@FreeBSD.ORG
>Subject: Re: Racoon Problem & Cisco Tunnel
>
>
>Yes. The five DSL setups with which I'm familiar all grant at least one
>public address per house. I believe all are static, but one might be
>dynamic. Interference with protocols like IPSec is one of the reasons
>why I'd make a public address a requirement when choosing a DSL
>provider. When it comes to NAT, I'm with Vint Cerf--avoid it if at all
>possible. Let's hasten the deployment of IPv6.
>

I'd agree with you if everyone that would have to do a renumber of a
large network from IPv4 to IPv6 had Vint Cerf's money.  When you're retired
like him with money coming out your arse-hole you can afford to make
irresponsible statements like that.

Unfortunately, what people like him don't understand is that the burden of
renumbering the fabric of the Internet from IPv4 to IPv6 will fall largely
on people like me - who have thousands of customers and tens of thousands of
public IP numbers spread out among all of them - and who don't have the
money to support something this audacious.  I can almost guarantee that
whatever ISP that I am working for when this finally happens is going to go
out of business, all it's going to do is put thousands of smaller to
medium-sized ISP's into bankruptcy and let people like AOL who have money
coming out their arse-holes virtually monopolize Internet access in the
world.

Until I see the large organizations with Class A's tied up, give up those
numbers back to the pool, I'll fight any attempt to move from IPv4 to IPv6,
and most other ISP's that are out there are going to fight it as well.  In
the meantime I'm pushing all my customers into using NAT.  NAT is here to
stay and people that run around calling it an aberration are just proving to
the rest of us that they have absolutely no business sense.

NAT has proven itself reliable and vital and idiot engineers that design TCP
protocols that assume everyone has a public IP number are just architecting
their own failures, and their protocol's subsequent minimizing by the
market.  I have some sympathy for protocols like IPSec that came to be
during the same time - but organizational-to-organizational IPSec tunnels
don't have to pass through the NAT - they can terminate on it.  But, anyone
doing a new protocol today is a fool if it can't work through a NAT.



Ted Mittelstaedt                      tedm@toybox.placo.com
Author of:          The FreeBSD Corporate Networker's Guide
Book website:         http://www.freebsd-corp-net-guide.com
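The thread argues that NAT interferes with IPsec when a tunnel passes through the NAT box, but not when the tunnel terminates on it. The toy model below (added here as an illustration; it is not code from the thread, from Racoon or from any real IPsec implementation) shows why with a deliberately simplified AH-style integrity check: the ICV is an HMAC over the source address, destination address and payload, so a source NAT that rewrites the source address invalidates it. When the NAT gateway is itself the tunnel endpoint, the outer header already carries the public address and nothing downstream rewrites it, so the check passes. The key, addresses and packet layout are constructed for the demonstration.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace

# Constructed demo key; a real IPsec SA would negotiate this via IKE.
KEY = b"constructed-demo-key"


@dataclass(frozen=True)
class Packet:
    """Minimal stand-in for an IP packet: two addresses, a payload, an ICV."""
    src: str
    dst: str
    payload: bytes
    icv: bytes = b""


def compute_icv(pkt: Packet) -> bytes:
    """HMAC over the fields the receiver expects to be immutable in transit.
    Real AH covers the IP header (including the source address) the same way."""
    msg = pkt.src.encode() + b"|" + pkt.dst.encode() + b"|" + pkt.payload
    return hmac.new(KEY, msg, hashlib.sha256).digest()


def protect(pkt: Packet) -> Packet:
    """Sender side: attach the integrity check value."""
    return replace(pkt, icv=compute_icv(pkt))


def verify(pkt: Packet) -> bool:
    """Receiver side: recompute the ICV over what actually arrived."""
    return hmac.compare_digest(pkt.icv, compute_icv(pkt))


def nat_rewrite(pkt: Packet, public_ip: str) -> Packet:
    """Source NAT: rewrite the source address, leave everything else alone."""
    return replace(pkt, src=public_ip)


def tunnel_through_nat(inner: Packet, nat_public_ip: str) -> bool:
    """Host behind the NAT protects the packet itself, then the NAT rewrites
    the source address on the way out. The peer's check fails."""
    on_wire = nat_rewrite(protect(inner), nat_public_ip)
    return verify(on_wire)


def tunnel_terminated_on_nat(inner: Packet, nat_public_ip: str, peer_gw: str) -> bool:
    """The NAT gateway is the tunnel endpoint: the private-addressed packet
    becomes payload, and the outer header is built with the public address
    by the same box that computes the ICV, so nothing rewrites it afterwards."""
    inner_bytes = f"{inner.src}>{inner.dst}:".encode() + inner.payload
    outer = protect(Packet(src=nat_public_ip, dst=peer_gw, payload=inner_bytes))
    return verify(outer)


if __name__ == "__main__":
    # Constructed addresses from documentation ranges.
    pkt = Packet(src="10.0.0.5", dst="192.0.2.10", payload=b"hello")
    print("through NAT:     ", tunnel_through_nat(pkt, "203.0.113.1"))
    print("terminated on NAT:", tunnel_terminated_on_nat(pkt, "203.0.113.1", "192.0.2.1"))
```

The model leaves out sequence numbers, SPIs and encryption on purpose; the single point it makes is that an integrity check covering the outer source address cannot survive a device that rewrites that address, which is exactly why gateway-to-gateway tunnels are anchored on the public-facing box.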




