Sure, using IPv6 for the vpn's address pool would be even better, if the vpn software supports it.
The multiple vpn servers on RFC1918 blocks would be an interim Plan B if using IPv6 were not feasible for some reason. A sysadmin team's lack of knowledge and experience with IPv6 might be such a reason, if the vpn solution needs to be rolled out in the immediate future.

On Tue, Jan 13, 2015 at 2:07 PM, Mark Komarinski <mkomarin...@wayga.org> wrote:

> IPv6?
>
> On January 13, 2015 1:29:04 PM EST, Joshua Judson Rosen <roz...@hackerposse.com> wrote:
>
>> On January 9, 2015 5:56:43 PM EST, John Abreau wrote:
>> >
>> >What are your project's needs that explicitly require 4K distinct
>> >public addresses and that cannot function using private addresses
>> >and NAT instead?
>>
>> 'Project' is a geographically-distributed tech company with a bunch of
>> frequently-mobile sub-networks where at least one end of any given
>> 'internal' connection actually needs to be going out from behind someone
>> else's network.
>>
>> There's certainly a chance that, say, our VPN or LAN addresses won't
>> conflict with any of the arbitrarily-addressed host networks where the VPN
>> endpoints reside, but we'd really rather have a routing scheme that 'will
>> work' as opposed to something that 'might work'.
>>
>> 1k addresses go to a main-office LAN; the rest of them basically go to
>> site offices. All of these things have the aforementioned routing
>> constraints.
>>
>> "Just buy a block of IP addresses that are actually guaranteed routable"
>> is the solution that I've seen in place at all of my former companies,
>> though I've never been the one to make it happen before.
>>
>> How would you do it?
>>
>> >On Fri, Jan 9, 2015 at 4:29 PM, Lloyd Kvam <python at venix.com> wrote:
>> >
>> >> On Thu, 2015-01-08 at 17:26 -0500, Joshua Judson Rosen wrote:
>> >> > Anyone here ever been through the process of procuring an IP block
>> >> > from ARIN?
>> >>
>> >> Actually from my upstream ISP (UUNET) many years ago. I was requesting
>> >> a /21. The requirements were essentially the same back then.
>> >>
>> >> You're requesting 4K addresses. They want to know that 1K will be used
>> >> right now and that at least 2K will be in use within a year. If the
>> >> only way you can use up that number of addresses is by allocating one
>> >> thousand /30's they will turn you down. They are basically looking for
>> >> individual addresses, but you can count the lost addresses from your
>> >> subnet scheme.
>> >>
>> >> > I'm trying to interpret the requirements they give for an
>> >> > "end-user initial assignment", which are:
>> >> >
>> >> > * provide data demonstrating at least a 25% utilization rate of the
>> >> >   requested block immediately upon assignment
>> >> >
>> >> > * provide data demonstrating at least a 50% utilization rate of the
>> >> >   requested block within one year
>> >> >
>> >> > .. and maybe I'm just being dense, but it's not entirely obvious to me
>> >> > what "utilization rate" actually means here: do they mean "sub-blocks
>> >> > allocated to specific subnets with some-definition-of-minimal waste",
>> >> > or do they mean "individual addresses actually, specifically assigned"?
>> >> >
>> >> >
>> >> > I'm trying to rationalise a /20 block, because I can't seem to
>> >> > partition the space such that I end up with < 50% allocated immediately
>> >> > or < 75% allocated over the next year; but if I count up the actual
>> >> > nodes that I expect to exist on all of my subnets, those counts are
>> >> > definitely short of both the `25% utilization immediately' and
>> >> > `50% utilization within one year' figures.
>> >> >
>> >> > If I'm really supposed to be counting individual addresses
>> >> > and not summing subnet sizes, what am I likely to be doing wrong here?
>>
>> ------------------------------
>>
>> gnhlug-discuss mailing list
>> gnhlug-discuss@mail.gnhlug.org
>> http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
>>

--
John Abreau / Executive Director, Boston Linux & Unix
Email j...@blu.org / WWW http://www.abreau.net / PGP-Key-ID 0x920063C6
PGP-Key-Fingerprint A5AD 6BE1 FEFE 8E4F 5C23 C2D0 E885 E17C 9200 63C6
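Added example, not part of any message in this thread: the two readings of "utilization rate" discussed above (summing subnet sizes versus counting individual addresses), computed for a /20 against the 25% and 50% figures. The block `10.0.0.0/20`, the subnet plan and all host counts are constructed, and treating the "lost addresses" as the network and broadcast address of each subnet is an assumption.

```python
import ipaddress

# Constructed plan: 10.0.0.0/20 stands in for the requested block, and every
# subnet and host count below is hypothetical.
BLOCK = ipaddress.ip_network("10.0.0.0/20")
PLAN = [  # (subnet, hosts now, hosts within one year)
    ("10.0.0.0/22", 400, 700),   # main-office LAN, 1k addresses
    ("10.0.4.0/23", 150, 300),   # site office A
    ("10.0.6.0/24", 60, 120),    # site office B
    ("10.0.7.0/24", 50, 100),    # site office C
    ("10.0.8.0/22", 0, 350),     # site office D, planned
]


def utilization(block, plan, column):
    """Return three readings of 'utilization' as fractions of the block.

    column is 1 for the hosts-now figures and 2 for the one-year figures.
    """
    nets = [ipaddress.ip_network(row[0]) for row in plan]
    for i, net in enumerate(nets):
        if not net.subnet_of(block):
            raise ValueError(f"{net} is outside {block}")
        if any(net.overlaps(earlier) for earlier in nets[:i]):
            raise ValueError(f"{net} overlaps an earlier subnet")
    # A subnet counts as allocated only once it has hosts in this column.
    live = [(n, row[column]) for n, row in zip(nets, plan) if row[column] > 0]
    for net, hosts in live:
        if hosts > net.num_addresses - 2:  # network and broadcast are unusable
            raise ValueError(f"{hosts} hosts do not fit in {net}")
    total = block.num_addresses
    hosts = sum(h for _, h in live)
    return {
        "subnet_sizes": sum(n.num_addresses for n, _ in live) / total,
        "hosts_only": hosts / total,
        # Assumption: each subnet loses two addresses to the subnet scheme.
        "hosts_plus_lost": (hosts + 2 * len(live)) / total,
    }


if __name__ == "__main__":
    for label, column, target in (("now", 1, 0.25), ("one year", 2, 0.50)):
        for name, value in utilization(BLOCK, PLAN, column).items():
            verdict = "meets" if value >= target else "short of"
            print(f"{label:9} {name:16} {value:6.1%} {verdict} {target:.0%}")
```

With this constructed plan the subnet sizes sum to 50% now and 75% within a year, while the per-address counts stay below both thresholds.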