> From: Bob Braden <braden@ISI.EDU>
>
> Today, one must unfortunately question whether universal connectivity
> can be sustained (or is even the right goal) in a networking
> environment without universal trust. Maybe NATs are, in fact, a result
> of a very deep problem with our architecture.

My take is that NATs respond to several flaws in the IPv4 architecture:

- 1) Not enough addresses - this being the one that brought them into existence.

- 1a) Local allocation of addresses - a variant of the preceding one, but subtly different; NATs do allow you to allocate more addresses locally without going back to a central number allocation authority, which is very convenient.

- 2) Easy renumbering when switching ISPs - a benefit that was only realized later in time, but a significant one all the same - especially for those people who reckon that switching addresses is a really painful undertaking.

I don't really believe the rationale that they are useful as a firewall. For one thing, most NAT boxes include a real firewall (i.e. packet filtering separate from the NAT functionality). I think that even if we had plenty of addresses, people would still install boxes with firewall functionality at the edges of their networks.

Which gets to your original point - "whether universal connectivity .. is even the right goal .. in a networking environment without universal trust". Which is an interesting and complex point, but I think one we can put off to a separate discussion, because I think it's unrelated to the reasons that NAT boxes have been a success. (It's also good to put it off because including it will muddy the discussion water.)

> If you accept that, then there is no point in attacking NATs until you
> can propose a better architectural solution to the trust problem
> (hopefully, there will be one!)

Well, not so much the trust problem, because I don't think that's what drove NAT. But your basic point is a good one.

I think that if you look at the points I listed above, the market has clearly decided that IPv4+NAT (for all its problems, with which people are, I'm sure, reasonably familiar, given the many years NAT has been widely in service) is the most cost-effective solution to providing them. The IETF really needs to sit and ponder the implications of that.

Noel