Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.ecn.uoknor.edu!news.wildstar.net!newsfeed.direct.ca!nntp.teleport.com!news.serv.net!solaris.cc.vt.edu!news.mathworks.com!uunet!in3.uu.net!news.artisoft.com!usenet
From: Terry Lambert <terry@lambert.org>
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: IP Masqerading?
Date: Wed, 21 Aug 1996 21:47:43 -0700
Organization: Me
Lines: 115
Message-ID: <321BE66F.176B6725@lambert.org>
References: <jfortes-1307951117380001@10.0.2.15> <3218B774.3D2754EF@lambert.org> <4vb8r8$lc1@Mercury.mcs.com> <321A058E.7209A8FD@lambert.org> <4vglv5$nq4@Mercury.mcs.com>
NNTP-Posting-Host: hecate.artisoft.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Mozilla 2.01 (X11; I; Linux 1.1.76 i486)

Leslie Mikesell wrote:
] >The work on the ISP side should be nothing more than making
] >a single Sybase (or similar) database entry, if the ISP is
] >competent at all. Like the phone company, the person you
] >call to have your phone "installed" need only modify data
] >tables to activate your phone line. The same is true of
] >routes.
]
] Call up your phone company and see if they'll give you
] a block of 500 numbers for a one-time charge.

They will; it's called "selling you a PBX for a trunk line". 8-).

Now the question is what they charge for dialtone. Of course, we
all know that the telephone company is about to be flat-rated to
death by Iphone and related products. 8-). The only place they
stick you is message units for distance, or LD carrier access.

] >An ISP who plans on doing this sort of deal more than once
] >would have the task automated.
]
] They still have to maintain the database, and as you need more
] numbers it adds to the memory needed for the routing tables
] unless you renumber everything to keep the range contiguous.
] If you lived in the Chicago area where we've had 2 area code
] splits in the last few years you would realize that this sort
] of thing is painful even for phone companies, and there are
] good reasons for those PBX systems where you can dial out but
] you need an extension number to connect to most inbound calls.

I dial phone numbers by number rather than by the human I want to
call. A TCP/IP network, on the other hand, does everything
symbolically, if it is configured correctly. It doesn't matter
what number DNS returns.

FWIW: In AZ, we just barely had an area code split. Further, the
area code is 520. 2 was a formerly illegal digit in an area code,
and if you think that didn't play hell with things, you're crazy.
Finally, our RBOC is US West... 'nuff said.

] >] These days it is fairly hard to get enough addresses to
] >] connect everything let alone put in the subnetting you
] >] want for security/traffic management.
] >
] >The inability to get/not-get address assignments is an ISP
] >lock-in issue. As is the fact that many ISPs purposely
] >structure their domain acquisition such that they own the
] >domain instead of their customers. At a minimum, they can
] >charge a fee to release the domain SOA to another ISP; at
] >maximum, they can lock you into their services if you want
] >to keep the domain.
]
] I've been turned down twice trying to get enough numbers to
] connect up about 600 offices that currently have a satellite
] link using SNA only.

Turned down by Internic? What was their rationale? They are the
number assigning authority.

] Assuming you don't want inbound connections to most machines,
] I don't see any particular advantage over translating to a
] single external address. Why should the difference between
] a single machine with many users and many machines with one
] user be visible outside of an organization?

It should not. The question is whether it is, when someone on the
outside does everything allowed by the RFC's against your "gateway".
It's not a problem unless it's misapplied, which it generally is.

] >There is no real shortage of address space; the recent reorgs
] >and class D breakups of ranges have seen to that. IPV6 will
] >be in wide use before it becomes an issue again.
]
] What about router memory usage? Is it my imagination or have
] some of the backbone routers become less stable in the last
] few months?

That was the reason for the reorgs. You must be talking about
SprintNET, or one of the "we will upgrade one router per month"
NSP's. The reorg is to get all address branches split out on the
same mainline branch to *reduce* the router memory usage, not to
increase it.

> SLirP is elegant because it is transparent - you can route any
> addresses through it on the client side without any setup. To
> the rest of the world it looks (correctly) as though you are
> a user on the host machine. However it needs an interface to
> associate with the client side of the route. I'm not sure
> how it would be different from socks if you could map an
> interface instead of a port for the client side of socks (either
> a real separate interface or an alias address on an existing
> interface where you could point the default route of the clients).

I don't think it would be that much different at all, actually,
except in terms of knowledge of the client being proxied with the
connection.

Terry Lambert
terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.