On Fri Oct 8 17:10:56 2010, Keith Moore wrote:
> Except that neither middleboxes in general nor NATs in particular
> were a direct result of the decision to adopt IPv6. NATs were not
> originally driven by a shortage of IPv4 addresses. In the consumer
> market they were driven by what came to be a de facto standard of
> one IP address per customer, due partially to this assumption being
> widespread within IETF itself. In the enterprise network space
> they were initially driven by a misguided notion that having
> private addresses would produce better network security. In both
> cases the adoption of NATs was largely a consequence of IETF's
> failure to produce and adhere to a comprehensive plug-and-ping
> autoconfiguration architecture.
Oh, I think there's rather more than that.
Initially, NATs came about because enthusiasts found that it was
prohibitively expensive to get a routed block down a modem - the ISPs
treated you like a business customer, and charged accordingly.
There's nothing the IETF could, or even should, have done to avoid
this, and FWIW, the ISPs got terribly upset with you for using NATs
at the time, and given the very few implementations (Linux IP Masq,
for instance), some were able to detect and filter.
As NATs moved from Linux IP Masq into the mainstream, though, ISPs
simply took advantage of this - it meant that there was no
configuration distinction between a single user and a network - and
that's a useful property. In hindsight, this would have been a good
time for the IETF to step in and try to address the actual problem,
but unfortunately consumer networking has never been a strong point
of the IETF - I think largely because few of the stakeholders are
average internet users for obvious reasons.
As NATs drifted into the enterprise, there was a security angle, but
there was also a renumbering angle that still hasn't gone away. This
is, in no small part, because the only way to refer to an arbitrary
network is via the addressing - actual hosts are largely dealt with
by a combination of DHCP and DNS. (As a random thought, if there was
a CIDR DNS RR, I wonder if this may help?) There are occasional
rumblings within the IETF to address this, but given NATs have to
some extent removed the bulk of the pain, I'm not sure there's
sufficient motivation to solve all the issues.
So currently, a NAT provides:
- A degree of de-facto firewalling for everyone.
- An immunity to renumbering for enterprises.
- Fully automated network routing for ISPs.
If technologies could be introduced to tackle especially the last
two, I think the advantages of NATs would vanish.
Dave.
--
Dave Cridland - mailto:dave@xxxxxxxxxxxx - xmpp:dwd@xxxxxxxxxxxxxxxxx
- acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
- http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf