Re: RE: Stupid NAT tricks and how to stop them.

Lars-Erik,

> > From: Michel Py [mailto:michel@xxxxxxxxxxxxxxxxxxxxxxxxxxx]
> > Unfortunately some protocol purity zealots still have to realize
> > that Linksys, Netgear, Belkin and consorts don't sell NAT boxes
> > because they think NAT is good, they sell NAT boxes because
> > consumers want to buy them. 
> 
> I do not think consumers in general want to buy NAT boxes, but
> they are forced to do so by ISP's who do not give them a choice.

We're over-analyzing things. The last 3 WLAN APs I bought had NAT on by default; on 2 of them it was impossible to turn this off. I got into long discussions with tech support who were telling me it is impossible to design a WLAN AP-router combo that didn't NAT.

My DSL provider offers me 5 DHCP addresses for free (consumer grade connection) and my mobile carrier is now using real IP addresses for GPRS (they had too many problems caused by NATed IP addresses).

In practice, I've needed to power-cycle these NAT boxes every few weeks, to clear out the garbage. The most common thing most ISP tech support lines say is "unplug your router/AP/box, count to 60 and plug it back in".

However, if I am just a normal user, go to Best Buy and pick up a home WLAN Access Point, I'll have a NAT by default. There is no "NAT inside" logo on the box, nor are there clear instructions on how to turn this off. Vendors have turned NAT on by default because it is easier for them; not because the market has asked them to.

As for reference, in my local paper, computer stores started advertising "NAT firewalls" around 1998-99. When NATs first came to the market, the marketing message was that NATs provided a security feature. Still, I have far too many tech support discussions where there is common confusion between NAT & firewall features. I don't think it is really intellectually honest to say the market has chosen NATs because it is what they wanted - it is a band-aid fix for a couple of different problems, which it kind of solved, but creates some ugly side effects.

To get around these side effects, people are deploying ALRs, B2BUA and SBCs to help fix the side-effects (and to do other things). Human nature being what it is, we'll probably keep applying these quick fixes, until it gets far too messy and someone comes in and wipes these away with a new solution. Circuit switching, ATM, ISDN, etc. all have been useful for some solutions - but when you try to go beyond what they have been designed for, you tend to have to apply patches and hacks to get things working.

John

