>> the problem is that those simple applications share the same hosts and
>> network that the other applications do. if you put devices in the
>> network that only solve problems for the simple applications, then you
>> get a network that can only run simple applications.
>>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> At least, without tunneling/overlays. And that's exactly the kind of
> network we now have and will continue to have for the foreseeable
> future. Moreover, I would claim that NAT is not even the biggest
> problem.
>
> (I'm always perplexed by the semi-annual NAT wars on the IETF list
> because rarely are firewalls given comparable billing even though I
> suspect they cause far more problems for NOCs. Certainly both they
> and NAT boxes cause silent, mysterious failures that cause users to
> think the network is broken. Yet *lots* of people want their part of
> the network to be a gated community.)
>

Indeed, NATs aren't the only problem we're facing. Interception proxies
and using IP addresses as policy tokens are also huge problems. But
it's hard to argue that networks shouldn't have some policy, it's just
that we haven't given them better tools to enforce it. And from an
architectural perspective, address translation is clearly a dead end.

One of the reasons we argue against NATs is not that there aren't other
major problems, it's that people haven't managed to get the message on
NATs yet. If we can't make the case against NATs within IETF, how can
we even begin to address the thornier cases?

(of course, what happens is that the thornier cases are used to justify
the continued existence of NATs - which is a bit like using the
existence of evil to justify doing more evil)

> The Internet-of-the-future is shaping up to be a collection of home
> and enterprise networks linked by port 443. And I see no reason to
> believe that IPv6 is going to change that.
>

I suppose we should stop trying to design better networks, then?
Maybe if everyone who believes that would stop participating in IETF
then the dozen or so of us remaining could get some useful work done. :)

For what it's worth, there seems to be a long history in the Internet
(and other public networks) of bootstrapping new services by tunneling
and gateways, which are replaced by more efficient and
easier-to-maintain setups once the new service has attracted sufficient
demand.

Keith