[asterisk-biz] Re: Verizon Interconnection

alex at pilosoft.com alex at pilosoft.com
Sun Jun 10 11:53:35 MST 2007


On Sat, 9 Jun 2007, Matt wrote:

> Christopher,
> I understand exactly what you are saying.... but let's think about this for
> a moment.
> 
> If the networks we are stitching together have all public IPs, then either
> one of two things is happening.
> 
> 1 - You can't access the IPs from the Internet, so they aren't really
> public....they are from the public pool, and are depleting the limited
> supply for IPs, but they aren't public, therefore they should be private
> IPs.
> 
> 2 - You can access the IPs from the Internet, therefore, there is no need
> for a VPN.
> 
> You should never never never NEVER use public IPs behind a firewall (unless
> they can be accessed from the Internet).   To put a public IP behind a
> firewall where it can't be accessed is a waste of IP space, and asking for
> routing problems.

You are on &@*#($&*#$ crack, that's why you can't get your VZ
interconnect to work.

a) You can, and occasionally should, use public space on a network that's
not connected to the public Internet. You *can* request IP space from ARIN or
other RIRs for specifically those purposes. Reasons can be: 1) you may
need to connect to the Internet later without renumbering; 2) so you can
connect two private networks tomorrow without risk of conflict. Read
RFC1918, 'disadvantages' part.

b) Just because you are running IPSEC, it doesn't mean you have to have
private IP space on either side. It doesn't mean you have to run it in
"tunnel" mode. The purpose of IPSEC is to encrypt live traffic, without
the need for additional IP addresses or tunnels or whatever.

Hire someone who knows what they are doing.

-alex 
