[ppml] Policy Proposal 2007-6 - Abandoned

[Leo Bicknell]

In a message written on Wed, May 23, 2007 at 08:42:11AM -0700, David Williamson wrote:
> I'll second that thought.  There's nothing notably dificult about
> renumbering, but anywhere you have a direct interaction with another
> organization (and vpns are notorious for this), you're likely to have a
> longer time line for making the change.  When we need to make major vpn
> changes across our customer base, we assume it will take at least 6-8
> months to complete, just to walk all of them through their own internal
> change processes.

I used to think this was a really gross solution, but as the years
go by I see the wisdom.

I've been at several companies where each VPN is done with a /30
between the companies, and a NAT on BOTH sides.  The /30 needs only
be known as a directly connected to the boxes on each side, and can
overlap with any of your internal addresses.   You NAT all communication
to whatever IP you want on the inside of your respective routers.
This obviously requires something that works through NAT, but that's
a lot of things these days.  It offends almost every bone in my body,
but it does work.

However, I think the point several other posters made is important.  We
renumber businesses we purchase all the time.  You need to have plans to
renumber others and renumber yourself.  You need to invest in good DHCP
tools, good DNS tools, and understand how to manage things like static
IP'ed printers.  This is all true even if you're on 1918 space.
Anything else is a business continuity risk.

-- 
       Leo Bicknell - bicknell at ufp.org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/
Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20070523/7cd1b6b4/attachment.sig>