me thinks this requires out of box thinking.
<willing suspension of disbelief>
Invert the RFC1918 recommendation... e.g. All public interconnections will be assigned from the RFC 1918 space, which assignments will be managed/recorded at the NRO. (I posit there are fewer than 1m BGP associations in the public Internet, hence net 10 is a fine choice)
Everyone will NAT from their space into the public net (net 10) and then they can use the non-RFC1918 space behind their NAT. For all intents and purposes, that's the remainder of the IPv4 space, or the functional equivalent of a /32 in IPv6 space.
then there will be more than enough IPv4 space for folks to use, less requirement to interact w/ pesky RIRs, and a smooth transition to IPv6, (if required)
YMMV of course.
--bill
On Fri, Feb 16, 2007 at 09:01:17AM -0500, Joe Abley wrote:
On 15-Feb-2007, at 19:05, Jonathan Woolley wrote:
"[Vendor] charges [country] $[lots] to enable NAT on the great firewall. They decide to go with iptables instead"
Ah, but they'd need more than one NAT -- RFC1918 + numbers allocated already isn't enough space (or if it is now, it will run out before too long).
They'd need layers of NAT, in the grand tradition of enterprise networking, which would have the consequence of breaking much edge-to-edge communication within the giant campus, and turning the domestic Internet into a vehicle whose primary utility is interaction with services hosted in other countries.
That doesn't sound like a likely ambition for [country] to me (even given that [vendor H] is under the effective control of [country], and hence that cost of deployment is unlikely to be a great problem).
=)
It's an interesting problem, though. If you ran an enterprise with 23 million employees, and an ever increasing number of them needed a permanent connection to the Internet, what would you do? On that scale, and given a certain amount of centralised control of content and infrastructure, what looks more expensive? NAT or IPv6?
Joe
_______________________________________________
NZNOG mailing list
NZNOG(a)list.waikato.ac.nz
http://list.waikato.ac.nz/mailman/listinfo/nznog