Re: IPv6 addresses really are scarce after all

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thus spake "Mark Andrews" <Mark_Andrews@xxxxxxx>
>>>>> "Keith" == Keith Moore <moore@xxxxxxxxxx> writes:

    >> Fourth, lots of folks (me included) happen to find it
    >> convenient to use NAT between my site/house/office and my
    >> upstream provider.
    Keith> do you also find it "convenient" that NAT has effectively
    Keith> thwarted the deployment of huge numbers of new
    Keith> applications, significantly raised the cost of deploying
    Keith> others, and harmed the reliability of all applications?

I find the tradeoffs work in favor of NAT; I expect this to be true
both for V4 and V6.

Try tftp booting two devices from behind a NAT w/o a tftp
ALG.

Yes this is a obscure case but is is a perfect example of
why NAT is evil.  Things that just should work fail and
there is no end user fix.

With a plain firewall you can add rules to let the reply
traffic through.

With a NAT you have to choose which device gets to boot as
you can't port forward both sets of replies.

It works just fine; I have thousands of customers that do it every day behind cheap CPE NAT boxes. Perhaps they have TFTP ALGs, but I doubt it given they can't even handle FTP or DNS right in many cases.

I agree NA(P)T is an evil hack, and I'd love to see it go away, but this is not a valid example of its evilness.

S

Stephen Sprunk         "God does not play dice."  --Albert Einstein
CCIE #3723         "God is an inveterate gambler, and He throws the
K5SSS dice at every possible opportunity." --Stephen Hawking


_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]