On 2011-08-04, at 6:43 PM, Owen DeLong <o...@delong.com> wrote:
>
> On Aug 4, 2011, at 2:55 PM, Dan White wrote:
>
>> On 04/08/11 14:32 -0700, Owen DeLong wrote:
>>>
>>> On Aug 4, 2011, at 2:08 PM, Jay Ashworth wrote:
>>>
>>>> ----- Original Message -----
>>>>> From: "Owen DeLong" <o...@delong.com>
>>>>
>>>>> On Aug 4, 2011, at 8:35 AM, Jay Ashworth wrote:
>>>>>
>>>>>>> - Generic consumer-grade NAT/Firewall
>>>>>>
>>>>>> Hobby horse: please make sure it supports bridge mode? Those of us who
>>>>>> want to put our own routers on the wire will hate you otherwise.
>>>>>
>>>>> Why? As long as it can be a transparent router, why would it need to
>>>>> be a bridge?
>>>>
>>>> Ask a Verizon FiOS customer who wants to run IPv4 VPNs.
>>>>
>>>> He didn't say IPv6 only, right?
>>>>
>>>> I have a couple of customers who can't get bridge mode on residential FiOS
>>>> service, and therefore can't run their own routers to terminate IPsec.
>>>>
>>> If they could get routed static IPv4 rather than bridge, why wouldn't they
>>> be able to terminate IPsec VPNs? Note I did say TRANSPARENT router.
>>> That would mean no NAT and routed static IPv4.
>>
>> For residential use, for users currently requesting one public address,
>> that's a waste of a /30 block (sans routing tricks requiring higher-end
>> customer equipment). Multiply that by the number of residential customers
>> you have and that's bordering on mismanagement of your address space.
>>
> You say waste, I say perfectly valid use.
>
>> If you're dealing with business customers, then your usage versus wasted
>> ratio is much higher and less of a concern, but what's the point? Are you
>> trying to cut down on a large broadcast domain?
>>
> Why is it less of a waste to allocate a /30 to a business using a single
> public IP than it is to a residence? This makes no sense to me.
>
> I simply prefer the additional troubleshooting and other capabilities given
> to me in a routed environment in most cases.
>
> Owen
>
Realistically, how many home Internet consumers terminate IPSec VPNs? It seems kind of silly to engineer a network around a tiny fraction of less than 1% of the population, doesn't it?