Keith Moore <moore@cs.utk.edu> writes:
> > > the evidence I have is from reading vendor advertisements for NAT
> > > boxes, and from talking to people who run networks that use NAT.
> > > it's not a random sample, perhaps not a statistically significant
> > > one, but it's been enough to convince me personally that the
> > > delusion is widespread.
> >
> > You can perhaps understand why I wouldn't consider this a particularly
> > convincing line of argument.
>
> of course. but you can perhaps understand why I don't consider your
> intuition to the contrary convincing either?

Yes, but I'm not the one calling widely sold and deployed network
devices "Denial of service attacks".

> depends on the people. the people I work with want to run large-scale
> distributed computing problems. other people want to use SIP to support
> internet telephony or for some other purpose. others want to use
> IPsec... yes there are workarounds for many of these, but they have to
> be invented on a case-by-case basis, and often they're expensive.

I don't know enough about how you're doing your distributing computing
to have an opinion, but as for the other two... In my experience,
IT managers are pretty unhappy punching holes in their firewalls for
incoming SIP and IPsec, whether they run NAT or not. I'm not sure that
NAT is much of an impediment in these cases.

The bottom line here is what economists call "revealed preference".
People buy NATs and install them. I suppose it's possible that all
those people are stupid and the marginal utility of a NAT box is
actually negative, but that seems like a claim that would require
some pretty strong evidence.

-Ekr

--
[Eric Rescorla ekr@rtfm.com]
Web Log: http://www.rtfm.com/movabletype