Yeah, but this was the point. Where is the community consensus document that
says all this?

Spencer

----- Original Message -----
From: "Anthony G. Atkielski" <anthony@xxxxxxxxxxxxx>
To: "IETF Discussion" <ietf@xxxxxxxx>
Sent: Tuesday, December 02, 2003 6:55 AM
Subject: Re: arguments against NAT?

> Zefram writes:
>
> > My question for the list is is there a web page or
> > other document anywhere that comprehensively states
> > the case against NAT?
>
> If your new administrator is of the type who fixes things that aren't
> broken, it may be the administrator that needs replacement, not the
> network configuration.
>
> As you point out, you aren't short on address space (the primary reason
> for NAT). Security is not a problem for NAT, since any good netadmin is
> going to know how to block and route traffic with routers, firewalls,
> proxies, etc., to avoid problems. Too bad if it is time-consuming ...
> that's what he is being paid for, so he can't complain.
>
> Administrative convenience is not a reason, either. If administration
> were that convenient, his position would be redundant. In any case,
> restructuring an entire network so that one can spend more time playing
> Doom in one's cube is a very poor justification for the operation.
>
> NAT has obvious disadvantages. The Internet is not designed to address
> multiple machines with one IP address, and lots of things will break
> when NAT is in place. Incoming machine-specific traffic is the major
> problem. Chat and instant messaging services will fail, and there is no
> way to get them to work with NAT. Streaming services may fail as well.
> NAT can compromise point-to-point security. Overall it's a clever but
> nasty kludge that I cannot see implementing if it isn't required. It
> works for SOHO configurations with just one public IP address and the
> like, but it seems like a very poor idea for any organization that
> doesn't have an address shortage.