Mark Duffy wrote:
>
>> How is making sure that different VPNs using unique VPN-IDs different
>> than making sure they use non-overlapping private (virtual) IP addresses?
>
> The customers of the sort we are talking about here are *already* using
> overlapping addresses. Unique VPN-IDs can be applied now, after the
> fact so to speak, to create unique (VPN-ID + IP address)s. Not only
> does it let them continue to use the addresses they are using, it lets
> them continue to have private to themselves the complete address space
> they have now.

The notion of VPN ID seems to be tied to the PPVPN view where your VPNs start and end at the first-hop gateway, and hosts connected to it are part of only one VPN at a given time. Routers have to change to support VPN IDs (but that may be OK), current host implementations just work.

Once you extend the notion of VPN to include both hosts and routers, i.e. when your hosts can be part of more than one VPN at any given time, EVERY node will need to be modified to understand VPN IDs. This is when the VPN ID becomes equivalent to an extended, unique, globally managed address space.

Lars
--
Lars Eggert <larse@isi.edu> USC Information Sciences Institute