[125954] in North American Network Operators' Group
Re: the alleged evils of NAT,
daemon@ATHENA.MIT.EDU (Owen DeLong)
Tue Apr 27 14:47:03 2010
From: Owen DeLong <owen@delong.com>
In-Reply-To: <4BD72386.6010303@matthew.at>
Date: Tue, 27 Apr 2010 11:41:05 -0700
To: matthew@matthew.at
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Apr 27, 2010, at 10:48 AM, Matthew Kaufman wrote:
> Andy Davidson wrote:
>> On Tue, Apr 20, 2010 at 11:29:59AM -0400, John R. Levine wrote:
>>
>>>> Did you use Yahoo IM, AIM, or Skype?
>>>>
>>> Yes, yes, and yes. Works fine.
>>>
>>
>> What about every other service/protocol that users use today, and might be invented tomorrow? Do & will they all work with NAT?
>>
>
> Anyone inventing a new service/protocol that doesn't work with NAT isn't planning on success.
Respectfully, I disagree. There are many possible innovations that are available in a NAT-less world and it is desirable to get to that point rather than hamper future innovation with this obsolete baggage.
>> Do many others work as well or act reliably through NAT?
>>
> Yes.
In reality, it's more like some yes, some not so much.
>> Will it stop or hamper the innovation of new services on the
>> internet?
>>
> Hasn't so far.
Here I have to call BS... I know of a number of cases where it has.
>> The answer to these questions isn't a good one for users, so
>> as the community that are best placed to defend service quality
>> and innovation by preserving the end to end principle, it is our responsibility to defend it to the best of our ability.
>>
> Firewalls will always break the end-to-end principle, whether or not addresses are identical between the inside and outside.
Yes and no. Firewalls will always break the idea of global universal end-to-end reachability.
They do not break the end-to-end principle except when NAT is involved.
The end-to-end principle is that the original layer 3+ information arrives at the layer 3 destination un-mangled by intermediate devices when it is a permitted type of traffic. Blocking unwanted flows does not break the end-to-end principle. Maiming and distorting data contained in the datagram, including the headers, on the other hand does break the end-to-end principle.
>> So get busy - v6 awareness, availability and abundancy are
>> overdue for our end users.
>>
> Maybe. Most of them are perfectly happy.
>
This word Most, it does not mean what you appear to think it means.
Owen
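As an added illustration of the distinction Owen draws above between blocking a flow and mangling the datagram (example code, not from the thread or any participant): a minimal Python model of an IPv4/UDP datagram passing a plain router hop, a packet filter, and a source NAT, with a check for whether the layer-3+ information arrives unchanged. The addresses, ports, the "CONTACT" payload and the rule that TTL and checksum changes count as ordinary forwarding are my assumptions.

```python
import socket
import struct

def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement checksum; a header with a correct checksum field sums to 0."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def fix_checksum(hdr: bytearray) -> bytes:  # recompute over the header with its checksum field zeroed
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr[:10]) + b"\x00\x00" + bytes(hdr[12:])))
    return bytes(hdr)

def build_ipv4_udp(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Constructed sample datagram: minimal IPv4 header (no options) + UDP with checksum disabled."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0x1234, 0x4000, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return fix_checksum(bytearray(ip)) + udp

def parse(pkt: bytes) -> dict:  # the layer-3/4 information the receiving endpoint actually sees
    sport, dport = struct.unpack("!HH", pkt[20:24])
    return {"src": socket.inet_ntoa(pkt[12:16]), "dst": socket.inet_ntoa(pkt[16:20]),
            "proto": pkt[9], "sport": sport, "dport": dport, "payload": pkt[28:]}

def forward(pkt: bytes) -> bytes:
    """A plain router hop: decrement TTL, refresh the checksum, touch nothing else."""
    hdr = bytearray(pkt[:20])
    hdr[8] -= 1
    return fix_checksum(hdr) + pkt[20:]

def stateless_firewall(pkt: bytes, allowed_dports):  # permitted traffic forwarded as-is, rest dropped (None)
    return forward(pkt) if parse(pkt)["dport"] in allowed_dports else None

def nat44(pkt: bytes, public_ip: str, public_port: int) -> bytes:
    """Source NAT: rewrite the source address and UDP source port, then forward."""
    hdr = bytearray(pkt[:20])
    hdr[12:16] = socket.inet_aton(public_ip)
    return forward(fix_checksum(hdr) + struct.pack("!H", public_port) + pkt[22:])

def end_to_end_intact(sent: bytes, received: bytes) -> bool:
    """Owen's test: layer-3+ data arrives un-mangled (assumption: TTL/checksum changes are normal forwarding)."""
    a, b = parse(sent), parse(received)
    return all(a[f] == b[f] for f in ("src", "dst", "proto", "sport", "dport", "payload"))

def app_address_matches(pkt: bytes) -> bool:
    """Constructed app protocol that names its own socket in its payload (why some services break behind NAT)."""
    p = parse(pkt)
    return p["payload"] == b"CONTACT %s:%d" % (p["src"].encode(), p["sport"])
```

A filtered-but-permitted datagram passes `end_to_end_intact`; the same datagram after `nat44` fails it, and a payload that names the sender's own socket no longer matches the header the peer receives.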