Re: the evilness of NAT-PT, was: chicago IETF IPv6 connectivity

>> the problem is that those simple applications share the same hosts and
>> network that the other applications do.  if you put devices in the
>> network that only solve problems for the simple applications, then you
>> get a network that can only run simple applications.
>>     
>       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> At least, without tunneling/overlays. And that's exactly the kind of 
> network we now have and will continue to have for the foreseeable 
> future.  Moreover, I would claim that NAT is not even the biggest 
> problem.
>
> (I'm always perplexed by the semi-annual NAT wars on the IETF list 
> because rarely are firewalls given comparable billing even though I 
> suspect they cause far more problems for NOCs.  Certainly both they 
> and NAT boxes cause silent, mysterious failures that cause users to 
> think the network is broken.  Yet *lots* of people want their part of 
> the network to be a gated community.)
>   
Indeed, NATs aren't the only problem we're facing.  Interception proxies
and using IP addresses as policy tokens are also huge problems.  But
it's hard to argue that networks shouldn't have some policy, it's just
that we haven't given them better tools to enforce it.   And from an
architectural perspective, address translation is clearly a dead end. 
One of the reasons we argue against NATs is not that there aren't other
major problems, it's that people haven't managed to get the message on
NATs yet.  If we can't make the case against NATs within IETF, how can
we even begin to address the thornier cases?  (of course, what happens
is that the thornier cases are used to justify the continued existence
of NATs - which is a bit like using the existence of evil to justify
doing more evil)
> The Internet-of-the-future is shaping up to be a collection of home 
> and enterprise networks linked by port 443.  And I see no reason to 
> believe that IPv6 is going to change that.
>   
I suppose we should stop trying to design better networks, then?  Maybe
if everyone who believes that would stop participating in IETF then the
dozen or so of us remaining could get some useful work done.  :)

For what it's worth, there seems to be a long history in the Internet
(and other public networks) of bootstrapping new services by tunneling
and gateways, which are replaced by more efficient and
easier-to-maintain setups once the new service has attracted sufficient
demand.

Keith


_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf