[address-policy-wg] Renumbering sites (Was: Just say *NO* to PI space -- or how to make it lessdestructive)
Jørgen Hovland
jorgen at hovland.cx
Tue Apr 25 19:51:32 CEST 2006
Pardon me for saying, but all of this is bollocks.

Renumbering is as easy as you want it to be. Make a proper policy and then create the tools for it. It is that easy. I am sure we can discuss poorly designed solutions any (other) time.

I support proposal 2006-01.

j

-----Original Message-----
From: address-policy-wg-admin at ripe.net [mailto:address-policy-wg-admin at ripe.net] On Behalf Of Michel Py
Sent: 25. april 2006 17:44
To: Jeroen Massar
Cc: address-policy-wg at ripe.net
Subject: RE: [address-policy-wg] Renumbering sites (Was: Just say *NO* to PI space -- or how to make it lessdestructive)

> Wilfried Woeber wrote:
> Why does the laptop store the *addresses* instead of an (FQ)DN?

Mine is configured that way because I want to be able to get in remotely in case of a DNS failure so I can fix the DNS :-D

Other reason: VPNs based on FQDNs have a tendency to timeout, especially at the first attempt from a remote location (because the FQDN is not cached and has to go up to the root). Also DNS requests go over UDP, which is unreliable. It happens all the time that Joe Blow traveling somewhere reports the next day that he could not check his email or download the sales report because the VPN was not working (because Joe either is not smart enough to retry or finds it a good excuse to go to the bar instead). Next time he goes out the VPN is configured with the hardcoded IP address of the VPN server.

In the end, it does not matter why. It's out there, and has to be dealt with.

> Jeroen Massar wrote:
> Renumbering is *NOT* simple and *CAN't* be automated (no remote
> company will allow you full automatic access to change things in
> their setup, think firewall rules for instance...)

Indeed. Even if they did, it would be logistically impossible. I'm currently configuring an IPSEC tunnel going to a very large corporation. There are thousands of tunnels, configured on every router brand and model man has ever made; each is unique. An automated tool to change this is not in the realm of possible. This leaves the large company with having to deal with thousands of different people with issues such as half of the techs that originally configured the thing are no longer there, nobody remembers the router's password, etc.

Renumbering any sizeable organization is _always_ a very costly proposition. It requires allocating valuable resources for weeks to prepare and more to carry. Plus, in any renumbering I have done some issues popped out for weeks after the renumbering. Renumbering generates a steady flow of trouble tickets that require more resources to deal with _and_ make the network guys look like idiots.

Only rookies that have never been in the trenches in the real world consider renumbering easy. Most of the more experienced network managers out there will tell you this: I don't want to go through this again.

Michel.