On Apr 4, 2012, at 9:39 PM, David Meyer wrote:

> On Wed, Apr 4, 2012 at 6:31 PM, Steven Bellovin <smb@xxxxxxxxxxxxxxx> wrote:
>>
>> On Apr 4, 2012, at 5:21 PM, Noel Chiappa wrote:
>>
>>>> From: Doug Barton <dougb@xxxxxxxxxxxxx>
>>>
>>>> My comments were directed towards those who still have the mindset,
>>>> "NAT is the enemy, and must be slain at all costs!"
>>>
>>> In semi-defense of that attitude, NAT (architecturally) _is_ a crock - it puts
>>> 'brittle' (because it's hard to replicate, manage, etc.) state in the middle of
>>> the network. Having said that, I understand why people went down the NAT road
>>> - when doing a real-world cost/benefit analysis, that path was, for all its
>>> problems, the preferable one.
>>
>> NAT didn't really exist when the basic shape of v6 was selected.
>
> Perhaps, but that it would happen is obvious (even to the most casual observer).

I do not agree. I remember discussing the concept with folks a couple of years before that; we agreed that NATs would be very challenging because of the need for protocol-dependent packet inspection and modification. Add to that an underestimate of how long it would take before v6 was adopted, and a gross underestimate of how large the Internet would be -- remember, IPng happened before the Web explosion -- and it was very easy to ignore the possibility of NAT, let alone the renumbering and (questionable) firewall benefits of it. In retrospect, sure, but in 1993-1994? It was not at all obvious.

--Steve Bellovin, https://www.cs.columbia.edu/~smb