Home page logo
/

nanog logo nanog mailing list archives

Re: FTTH CPE landscape
From: Cutler James R <james.cutler () consultant com>
Date: Thu, 4 Aug 2011 22:25:19 -0400


On Aug 4, 2011, at 7:08 PM, Dan Armstrong wrote:


On 2011-08-04, at 6:43 PM, Owen DeLong <owen () delong com> wrote:


On Aug 4, 2011, at 2:55 PM, Dan White wrote:

On 04/08/11 14:32 -0700, Owen DeLong wrote:

On Aug 4, 2011, at 2:08 PM, Jay Ashworth wrote:

----- Original Message -----
From: "Owen DeLong" <owen () delong com>

On Aug 4, 2011, at 8:35 AM, Jay Ashworth wrote:

- Generic consumer grade NAT/Firewall

Hobby horse: please make sure it support bridge mode? Those of us who
want to put our own routers on the wire will hate you otherwise.

Why? As long as it can be a transparent router, why would it need to
be a bridge?

Ask a Verizon FiOS customer who wants to run IPv4 VPNs.

He didn't say IPv6 only, right?

I have a couple of customers who can't get bridge mode on residence FiOS
service, and therefore can't run their own routers to terminate IPsec.

If they could get routed static IPv4 rather than bridge, why wouldn't they
be able to terminate IPSec VPNs? Note I did say TRANSPARENT router.
That would mean no NAT and routed static IPv4.

For residential use, for users currently requesting one public address,
that's a waste of a /30 block (sans routing tricks requiring higher end
customer equipment). Multiply that by the number of residential customers
you have and that's bordering on mismanagement of your address space.

You say waste, I say perfectly valid use.

If you're dealing with business customers, then your usage versus wasted
ratio is much higher and less of a concern, but what's the point? Are you
trying to cut down on a large broadcast domain?

Why is it less of a waste to allocate a /30 to a business using a single public
IP than it is to a residence? This makes no sense to me.

I simply prefer the additional troubleshooting and other capabilities given
to me in a routed environment in most cases.

Owen


Realistically, how many home Internet consumers terminate IPSec VPNs?  

It seems kind of silly to engineer a network around a tiny fraction of less than 1% of the population, doesn't it?




It seems kind of silly to engineer a network against a tiny fraction of less than 1% of the population, doesn't it?

James R. Cutler
james.cutler () consultant com




Attachment: smime.p7s
Description:


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]