Re: NAT's (was MBONE access?)

    > From: "Hallam-Baker, Phillip" <pbaker@xxxxxxxxxxxx>

I am generally in agreement with your comments, but I have a few quibbles:


    >> NAT is the big bad dog here, that is what breaks the end to end
    >> connectivity.

    > The core architecture is NOT end-to-end, that is a political shibboleth
    > that has been imposed later.

Actually, back in the dark/golden ages (i.e. before there was SPAM, viruses,
etc - not to mention lots of money), it *was* an end-end network. IP packets
flowed unmolested/unrestricted/unmodified pretty much everywhere. We fell
from that state of grace many moons ago.

It's unfair to blame the loss of end-end on NAT boxes alone. There are a
number of forces which drove against that - and I just listed some of them
above. Firewalls damage end-end - and firewalls are here to keep sites secure.
My home ISP won't let in TCP SYNs for SMTP and HTTP - because they want more
money out of me before they will let me run servers. Etc, etc, etc.

In general, there's what Clark et al called "tussle", in a paper that everyone
should check out:

    http://www.acm.org/sigs/sigcomm/sigcomm2002/papers/tussle.pdf

in which it turns out to not be in the interests of a number of players to
allow unrestricted end-end - and these forces will exist even without NAT
boxes.


    > As for IPv6, the only feasible way to deploy it is by co-opting those
    > NAT boxes.

Ah, you just correctly observed that:

    > In case you had not noticed there are now tens of millions of NAT
    > devices in use.
    > ...
    > The NAT war has been over for years, NAT won.

That's now *installed base*. The average home owner isn't interested in going
out and buying a new NAT box, or downloading and reblowing the EEPROM code.
We're stuck with the current braindamaged NAT functionality, alas.

The time to do something useful, in terms of making NAT lemonade, would have
been 5-8 years ago, when it was obvious that NAT was going to happen. Had
the IETF moved adroitly, we could have had something useful out in the field
now. However, for a variety of reasons, one of which is, as you correctly
observed:

    > IETF still has not come to terms with that fact.

the IETF's NAT phobia, along with the general ludicrousness of any sentence
that includes "IETF" and "adroit motion" in it, it didn't happen.

"Having done what men could, they suffered as men must." - Thucydides.

	Noel
