[asterisk-biz] Re: Verizon Interconnection

Nick Seraphin asterisk at eaglequest.com
Sat Jun 9 10:53:10 MST 2007



On Sat, 9 Jun 2007, Matt wrote:

> Christopher,
> I understand exactly what you are saying.... but let's think about this for
> a moment.
> 
> If the networks we are stitching together have all public IPs, then either
> one of two things is happening.
> 
> 1 - You can't access the IPs from the Internet, so they aren't really
> public....they are from the public pool, and are depleting the limited
> supply for IPs, but they aren't public, therefore they should be private
> IPs.
> 
> 2 - You can access the IPs from the Internet, therefore, there is no need
> for a VPN.
> 
> You should never never never NEVER use public IPs behind a firewall (unless
> they can be accessed from the Internet).   To put a public IP behind a
> firewall where it can't be accessed is a waste of IP space, and asking for
> routing problems.


Well, for one thing, a VPN is usually used to encrypt communication
between 2 networks over the internet.  Whether each side is public IP
space or not is irrelevant.  Are you saying SSL/web servers shouldn't be
on public IP space either?

Second, VPNs (with or without encryption) are often used to tunnel
certain IP addresses between locations.  For example, some companies set
up their servers to only allow access from certain static IP addresses or
netblocks, for security purposes.  A remote user, even if on a public IP
network, cannot just start using/routing IPs out of the main office's IP
block.  So they can use a VPN tunnel between the 2 public networks, so
that they can use a "main office network" IP address on their machine,
even when they are physically located somewhere else.

Those are just 2 examples; there are probably a lot more out there.  Using
a VPN between two public networks is often desired and/or required.  In
fact, I just thought of a third common use... renumbering IP space and/or
moving physical locations.  Sometimes you need an IP block to work in 2
different physical locations at the same time, yet still be public IP
addresses.  A VPN can help accomplish this, by tunneling all traffic back
through the old location before it gets to the internet.

A VPN isn't just for connecting a private network to the internet...  a
VPN is used to link two remote locations together so that they basically
function as a single network, routing-wise, sometimes with encryption.  At
the same time, those networks can function independently as separate,
public networks connected to the internet if so desired.

-- Nick



