Eric Rescorla [mailto:ekr@rtfm.com] wrote: >> similarly, people who install NAT usually don't realize how much this >> costs them in lost functionality and reliability. >Really? You have evidence of this? >I don't either, but my intuition is that you're wrong. Once you have >decided to have a firewall in place (which you may think is evil, but >I consider pretty much a necessary evil), I suspect that most people >suffer almost not at all from having a NAT. I believe that Eric is pointing out an important point: many deployments of NATs have nothing to do with IPv4 address conservation. Rather, they are firewall adjuncts implemented to hide internal networks from outside scrutiny and direct access. One point where I disagree with my IPv6-advocating friends is that I expect firewall-related NATs to continue to be deployed within Internet (including IPv6) environments until such a time as real-time-protocol and peer-to-peer-protocol friendly "distributed firewall" (policy zones) variants become the preferable "due diligence" alternative for CIOs.