Re: The gaps that NAT is filling

margaret@xxxxxxxxxxxxxx (Margaret Wasserman)  wrote on 23.11.04 in <p0602041fbdc8cdee09b3@[192.168.2.2]>:

> The average Internet user (home user or enterprise administrator)
> does not care about the end-to-end principle or the architectural
> purity of the Internet.

Maybe not the average user, but a pretty large subset *does* care - because  
it makes it extremely hard to do what they want: to make a connection to  
their small business network (behind a dynamic IP) from somewhere else  
(also behind a dynamic IP).

It's possible (using one of a large number of dynamic DNS providers), but  
it is neither obvious nor trivial - in fact, it is hard for them to  
understand even what the problem is.

I just yesterday talked someone through this - a (small) business net  
admin wanting to access that net from home. This was someone who does  
database programming and at least sometimes creates networks for  
customers. And he *still* had a hard time with the consequences of dynamic  
IP and NAT.

No, it's not the majority - but yes, it *is* a pretty significant subset.  
You don't need to be all that far apart from average to bloody your nose  
on this.

> (2) One-way connectivity could be provided via stateful firewalls
> instead of via NAT.

You don't need all that much state for most of the protection. Just  
looking at TCP SYN does cover about 75% of the problem, I'd say, and  
that's completely stateless. (Not to say that the other 25% aren't  
important.)

Regards, Kai

_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf
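
The stateless SYN check mentioned in the message above, sketched as an added example that is not part of the original post: a per-packet decision on inbound IPv4 traffic that drops TCP segments with SYN set and ACK clear. It assumes the filter sits on the inbound path of the protected network; the function names and the sample packets (documentation address ranges) are constructed for illustration.

```python
import struct

SYN, ACK = 0x02, 0x10
PROTO_TCP, PROTO_UDP = 6, 17

def verdict(packet: bytes) -> str:
    """Decide 'drop' or 'pass' for one inbound IPv4 packet, keeping no state."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "drop"                       # not a parseable IPv4 header
    ihl = (packet[0] & 0x0F) * 4            # IP header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return "drop"
    if packet[9] != PROTO_TCP:
        return "pass"                       # the SYN rule says nothing about UDP/ICMP
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if frag_offset:
        return "pass"                       # later fragment: no TCP header to inspect
    if len(packet) < ihl + 14:
        return "drop"                       # first fragment too short to hold the flags
    flags = packet[ihl + 13]
    if flags & SYN and not flags & ACK:
        return "drop"                       # unsolicited inbound connection attempt
    return "pass"                           # SYN/ACK, ACK, FIN, RST: not judged here

def build(proto: int, flags: int = 0, frag_off: int = 0) -> bytes:
    """Constructed sample: 20-byte IPv4 header followed by a 20-byte TCP-shaped header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, frag_off, 64, proto, 0,
                     bytes([198, 51, 100, 7]), bytes([192, 0, 2, 10]))
    l4 = struct.pack("!HHIIBBHHH", 40000, 22, 1, 0, 0x50, flags, 65535, 0, 0)
    return ip + l4

if __name__ == "__main__":
    samples = {
        "inbound SYN": build(PROTO_TCP, SYN),
        "SYN/ACK reply to an outbound connect": build(PROTO_TCP, SYN | ACK),
        "bare ACK": build(PROTO_TCP, ACK),
        "UDP datagram": build(PROTO_UDP),
        "truncated TCP header": build(PROTO_TCP, SYN)[:30],
        "non-first fragment": build(PROTO_TCP, SYN, frag_off=0x00B9),
    }
    for name, pkt in samples.items():
        print(f"{name:40s} {verdict(pkt)}")
```

Everything the function passes without judging (non-TCP traffic, segments without a bare SYN, later fragments) is what a per-packet check cannot decide without connection state.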
