On Sep 19, 2012, at 5:59 PM, Robert Bonomi wrote:
> In the financial and/or brokerage communities, there are internal networks
> with enough 'high value'/sensitive information to justify "air gap"
> isolation from the outside world.
> 
> Also, in those industries, there are 'semi-isolated' networks where
> all external communications are mediated through dual-homed _application-
> layer_ gateways. No packet-level communications between 'inside' and
> 'outside'.  The 'inside' apps only know how to talk to the gateway; server-
> side talks only to specific (pre-determined) trusted hosts for the
> specific request being processed.  NO 'transparent pass-through' in
> either direction.


You're all missing the point in grand style.  If you would stop trying to brag 
about something that nearly everyone has done in their career and pay attention 
to the topic you'd realize what my point was. This is the last time I'm going 
to say this. 

Not only do I know those networks well, I was the admin responsible for the 
largest commercial one (56k routes) in existence that I'm aware of. I was at 
one point cooperatively responsible for a very large one in SEANet as well 
(120k routes, 22k offices). I get what you are talking about. That's not what I 
am saying.

For these networks to have gateways which connect to the outside, you have to 
have an understanding of which IP networks are inside, and which IP networks 
are outside. Your proxy client then forwards connections to "outside" networks 
to the gateway. You can't use the same networks inside and outside of the 
gateway. It doesn't work. The gateway and the proxy clients need to know which 
way to route those packets. 

THUS: you can't have your own IP space re-used by another company on the 
Internet without breaking routing. Duh.

RFC1918 is a cooperative venture in doing exactly this, but you simply can't 
use RFC1918 space if you also connect to a diverse set of other 
businesses/units/partners/etc. AND there is no requirement in any IP allocation 
document that you must use RFC1918 space. So acquiring unique space and using 
it internally has always been legal and permitted.

Now let's avoid deliberately misunderstanding me again, alright?

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.
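The inside/outside classification Jo describes is what a proxy client and an application-layer gateway both have to agree on before either can decide where a connection goes. The following is an added example, not code from the thread or from any product either poster ran: it models a proxy client's decision table with an assumed set of inside prefixes, then shows what happens when a partner connected through the same gateway also uses RFC1918 space that overlaps it. The prefixes and the gateway address are constructed values.

```python
import ipaddress
from typing import Iterable, List, Tuple

Net = ipaddress.IPv4Network


def nets(prefixes: Iterable[str]) -> List[Net]:
    """Parse a list of CIDR strings into network objects (strict: no host bits set)."""
    return [ipaddress.ip_network(p, strict=True) for p in prefixes]


# Constructed example: the enterprise's own "inside" prefixes and the
# gateway it proxies through. Assumed values, not taken from the thread.
INSIDE = nets(["10.0.0.0/8", "192.168.0.0/16"])
GATEWAY = "192.168.1.254"


def route_decision(dst: str, inside: List[Net] = INSIDE) -> str:
    """Proxy-client decision: inside hosts are reached directly, everything
    else is handed to the application-layer gateway. This is the table that
    only works if 'inside' and 'outside' are disjoint."""
    addr = ipaddress.ip_address(dst)
    if any(addr in n for n in inside):
        return "direct"
    return "gateway"


def overlaps(inside: List[Net], partner: List[Net]) -> List[Tuple[Net, Net]]:
    """Prefix pairs where a partner's space collides with our inside space.
    A non-empty result means route_decision() is no longer well defined."""
    return [(a, b) for a in inside for b in partner if a.overlaps(b)]


def classify(dst: str, inside: List[Net], partner: List[Net]) -> str:
    """Classify a destination once a partner's prefixes are known.
    'ambiguous' is the breakage the post describes: both sides claim the
    address, so the client cannot tell whether to connect directly or hand
    the request to the gateway."""
    addr = ipaddress.ip_address(dst)
    ours = any(addr in n for n in inside)
    theirs = any(addr in n for n in partner)
    if ours and theirs:
        return "ambiguous"
    if ours:
        return "inside"
    if theirs:
        return "partner"
    return "outside"


if __name__ == "__main__":
    # Partner A reused RFC1918 space that sits inside our 10/8.
    partner_rfc1918 = nets(["10.20.0.0/16"])
    # Partner B uses globally unique space (TEST-NET-3, stands in for a real allocation).
    partner_unique = nets(["203.0.113.0/24"])

    print("10.1.2.3     ->", route_decision("10.1.2.3"))
    print("203.0.113.5  ->", route_decision("203.0.113.5"))
    print("collisions   ->", overlaps(INSIDE, partner_rfc1918))
    print("10.20.5.5    ->", classify("10.20.5.5", INSIDE, partner_rfc1918))
    print("203.0.113.5  ->", classify("203.0.113.5", INSIDE, partner_unique))
```

With the RFC1918 partner, `overlaps()` reports the 10.0.0.0/8 vs 10.20.0.0/16 collision and any host in 10.20/16 classifies as `ambiguous`; with the partner on unique space there is no collision and the decision table stays consistent. That is the reason the post gives for acquiring unique space for internal use rather than relying on RFC1918 when many external parties hang off the same gateway.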