It is what Cisco calls IP overloading. It is where multiple off-net
addresses share a single public IP. The router keeps track of the full
socket in order to remember which off-net address gets which incoming
packets. Cisco refers to NAT as having a one-to-one relationship between
off-net and

Ya know, I used to work at EDS. One day, a guy sent a message to a
distribution list rather than to the specific person that they meant to. It
was some sales guy, so immediately, people start sending these angry "don't
spam me, remove me from your list..." messages in reply. The problem is,

Encryption will be offloaded to the network interface. ASICs on the NICs
will greatly improve encryption and authentication performance. It won't
run over the Internet because of latencies inherent on the public network.
It will run over incredibly fast Packet over SONET Wide Area

Encryption will be offloaded to the network interface. ASICs on the NICs
will greatly improve encryption and authentication performance.
all well and good, provided that this encryption and authentication
are actually compatible with that specified by higher level protocols
and the

Odd.. I thought we had a clue about security. The guys at SANS just
gave us a 'Technology Leadership Award'. I just walked across the hallway,
and I didn't see any firewall in our router swamp.
I guess because we don't have a firewall, we don't have a clue. Or because
we don't have a firewall,

Experience tells us that although we can design and specify for
"intra-nets", people will insist on using the results over the public
internet. Pretending this will not happen is akin to burying one's head in
the beach sand when one has heard a report of a large wave heading for the
beach.

IPv6 has NO authentication capability not already shipping for IPv4,
speaking as the person who designed both AH and ESP. Marketing aside,
there is nothing in IPv6 that makes it more easily secured than IPv4.
Both support AH and ESP. Deployed ISAKMP/IKE support IPv4, but might
not support IPv6.