[H-GEN] Network Nasties

Ian Lister s350797 at student.uq.edu.au
Thu Mar 2 01:24:39 EST 2000 

[ Humbug *General* list - semi-serious discussions about Humbug and ]
[ Unix-related topics.  Please observe the list's charter.          ]

On Thu, 2 Mar 2000, Everist, Geoff wrote:
>Well, tried the traceroute and it was duely routed through about half a
>dozen routers on their network. Sent the results to tech support, and was
>told that in a previous incarnation they offered a VPN service and this is
>why the private addresses where being routed. This does not sound like a
>particularly credible explanation to me (but at least I got some sort of
>answer, which is a start). I would have thought most (if not all) VPNs would
>encapsulate packets with private addresses. There would be no reason for any
>of the routers in the network (except maybe the terminal points of the VPN)
>to route private addresses. Otherwise it would be a PN, not a VPN. I am no
>networking expert, so is this a reasonable assumption?

IIRC this ISP (and probably others) offers VPNs which use private addresses
for both the payload and delivery protocols. In other words yes, the
customers do have their own VPN with private addresses, but this runs on top
of the ISP's network which also uses private addresses (possibly even the
same ones, although this has been known to cause headaches). This is
sometimes promoted as a security feature, in that you can be (fairly) sure
your packets will stay within your ISP's network and so, assuming you trust
your ISP, you don't need to worry about your traffic falling into hands it
shouldn't. On the down side it means the ISP forces you to use them for your
entire VPN, which is awkward to get around when your VPN needs to extend
overseas and their network doesn't (even though they are supposedly part of
a large international group....but I won't stray any further from the
specific topic at hand for fear of tripping over this list's charter).

Ian


--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'.

More information about the General mailing list