On Wed, 18 Jun 2003 22:19:12 PDT, Eric Rescorla said:
> You've got it absolutely backwards. The fact that the NAT breaks applications
> that I don't want to run anyway is a FEATURE, not a bug.
And the fact that NAT breaks things that you DO want to run is a <?>
> > And unfortunately, a lot of the Just Does Not Work stuff are applications
> > like H.323 and VOIP that Joe Sixpack actually *might* be interested in.
>
> Ah, the eternal lament of the technocrat who can't understand why the
> customers don't want what he knows is so obviously good for them.
No, the lament of a technocrat who can't deploy things that customers DO want because NAT breaks them.
Find a user. See if they'd be interested in video or voice over IP. Watch them say "ooh... that sounds cool". Then tell them it would be unreliable and you could only use it to talk to other users some of the time, because a lot of users are on these things called NATs, and watch enthusiasm wane.
Find an innovative company that finds a way to make VOIP work across NAT boxes. Watch them collect lots of customers (example: www.vonage.com).
The NAT working group produced a number of documents. Some explained the limitations, while one explained to application writers how to live in the real world that includes NATs. Read RFC 3235.
A $50 NAPT box (using terminology from the NAT WG's terminology RFC) provides sufficient firewalling and purposeful interruption of applications for the typical DSL or cable modem user. It runs somewhere OTHER than on the user's computer, so when a virus gets in and tries to disable the user's firewall software, less damage is done.
If you have users who want/need services that you can't manage to make function over NAT, then buy those folks a higher grade of access. The reality of the marketplace is that broadband connections generally have inexpensive NAPT/router boxes. That's been driven by the economics of the service model. In great measure, the service agreement with broadband vendors also stipulates that users are not permitted to run servers. If you don't like the model, buy service elsewhere.
Sadly, the IETF seems to find ways to generate immense amounts of heat over NAT, while sticking its collective head in the sand with regards to activity in the marketplace. If the organization wishes to retain ANY relevance, it will have to find a way to deal with reality.
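The thread above asserts two things without showing them: that NAPT breaks H.323/VOIP-style applications, and that the same box provides useful firewalling for a home user. The following is an added example, not code from any message in this thread or from any IETF document. It is a toy port-restricted NAPT in Python plus two sketches of signalling. One carries the caller's own IP address in the payload (the pattern that breaks behind NAT); the other replies to the transport-layer source address, which is the kind of NAT-friendly design the thread points application writers to. The `Packet`, `Napt`, `run_call` and `unsolicited_is_dropped` names, the RFC 5737 documentation addresses and the "INVITE"/"RTP" message types are all assumptions made for the illustration; none of them is H.323, SIP or a real NAT implementation.

```python
"""Added example (not from the thread): a toy port-restricted NAPT and two
styles of VoIP-like signalling, showing why an application that carries its
own IP address in the payload fails behind NAT while one that replies to the
transport source address works. Addresses are documentation addresses (RFC
5737) and RFC 1918 space; the protocol is a sketch, not H.323 or SIP."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    src: tuple          # (ip, port)
    dst: tuple          # (ip, port)
    payload: dict = field(default_factory=dict)


class Napt:
    """Port-restricted NAPT: an outbound flow allocates a public port; an
    inbound packet is forwarded only to that port and only from the peer the
    flow was opened to. Anything else is dropped, which is the 'sufficient
    firewalling' the thread talks about."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}      # (inside (ip,port), peer (ip,port)) -> public port
        self.inside = {}   # public port -> (inside (ip,port), peer (ip,port))
        self.dropped = []

    def outbound(self, pkt):
        key = (pkt.src, pkt.dst)
        if key not in self.out:
            self.out[key] = self.next_port
            self.inside[self.next_port] = key
            self.next_port += 1
        # Rewrite the source to the public address; the payload is untouched,
        # so any address the application wrote into it is still the private one.
        return Packet((self.public_ip, self.out[key]), pkt.dst, pkt.payload)

    def inbound(self, pkt):
        if pkt.dst[0] != self.public_ip:   # private addresses are not routable
            self.dropped.append(pkt)
            return None
        flow = self.inside.get(pkt.dst[1])
        if flow is None or flow[1] != pkt.src:  # no mapping, or wrong peer
            self.dropped.append(pkt)
            return None
        return Packet(pkt.src, flow[0], pkt.payload)


CALLER = ("10.0.0.7", 5060)          # behind the NAT (RFC 1918 space)
CALLEE = ("198.51.100.9", 5060)      # on the public Internet
NAT_IP = "203.0.113.5"               # the NAPT box's public address


def run_call(nat_friendly):
    """Caller sends an INVITE-like message through the NAT; callee sends a
    media packet back. Returns True if the media reaches the caller."""
    nat = Napt(NAT_IP)
    invite = Packet(CALLER, CALLEE, {"type": "INVITE", "media": CALLER})
    on_wire = nat.outbound(invite)
    if nat_friendly:
        target = on_wire.src               # reply to the transport source
    else:
        target = on_wire.payload["media"]  # trust the address in the payload
    media = Packet(CALLEE, target, {"type": "RTP"})
    delivered = nat.inbound(media)
    return delivered is not None and delivered.dst == CALLER


def unsolicited_is_dropped():
    """A packet from a host the caller never talked to is dropped even when
    it is aimed at an allocated public port."""
    nat = Napt(NAT_IP)
    on_wire = nat.outbound(Packet(CALLER, CALLEE, {"type": "INVITE"}))
    attacker = ("192.0.2.66", 9999)
    probe = Packet(attacker, on_wire.src, {"type": "RTP"})
    return nat.inbound(probe) is None and len(nat.dropped) == 1


if __name__ == "__main__":
    print("embedded-address signalling works:", run_call(nat_friendly=False))
    print("transport-source signalling works:", run_call(nat_friendly=True))
    print("unsolicited inbound dropped:", unsolicited_is_dropped())
```

The embedded-address call fails because the callee is handed 10.0.0.7, which the NAT never sees and no router would forward; the transport-source call succeeds because the callee sends to the public port the NAT allocated for the outbound flow. The last function is the firewalling side of the argument: with no matching outbound flow from that peer, the inbound packet is simply dropped, whatever the application on the inside is doing. Real NATs vary (full-cone, symmetric, and so on), so this model is only the port-restricted case.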