[136434] in North American Network Operators' Group


Re: quietly....

daemon@ATHENA.MIT.EDU (Owen DeLong)
Thu Feb 3 01:30:20 2011

From: Owen DeLong <owen@delong.com>
In-Reply-To: <10058800.4297.1296708348990.JavaMail.root@benjamin.baylink.com>
Date: Wed, 2 Feb 2011 22:28:23 -0800
To: Jay Ashworth <jra@baylink.com>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On Feb 2, 2011, at 8:45 PM, Jay Ashworth wrote:

> ----- Original Message -----
>> From: "Blake Dunlap" <ikiris@gmail.com>
>
>> On Wed, Feb 2, 2011 at 22:34, Jay Ashworth <jra@baylink.com> wrote:
>>
>>> I won't run an edge-network that *isn't* NATted; my internal machines
>>> have no business having publicly routable addresses. No one has *ever*
>>> provided me with a serviceable explanation as to why that's an
>>> invalid view.
>
>> Quite simply, it's called Tragedy of the Commons. Everyone else has to
>> work harder to provide you services if you are using something which breaks
>> end to end connectivity, which costs everyone else money. The protocol
>> designers are making a stand against this for the good of the "commons".
>
> You'll have to document "everyone has to work harder to provide me services";
> this is not my first rodeo, and TTBOMK, it's *transparent* to the other end
> of any connection out of my edge network that it's NATted at my end.
>
It's not transparent to:
	Application Developers
	Operating Systems
	Home Gateway Developers
	Consumer Electronics Developers
	Technical Support departments
	My users who are trying to talk to your users using applications that
		are designed to work in a NAT-free world.
	My technical support department that gets the "we can't reach them"
		calls from my users who can't reach your users.

It may not be your first trip to the rodeo, but, you do appear to have a rather
limited perspective on the far reaching detriments of NAT.

> As for incoming connections, it's transparent to them as well -- and which
> ones are valid targets for such connections *is a policy decision of
> mine*, not subject to external opinion.
>
Stateful inspection gives you all the same protection for that policy as NAT
without breaking the end-to-end model.

Nobody is trying to take away your policy rights.

> Could you clarify, in some detail, precisely how you get to TotC, Blake?
>
I think the list of afflicted groups above covers it pretty well.

Owen
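
The claim in the message above, that stateful inspection enforces the same inbound policy as NAT without translating addresses, can be written down as a forwarding ruleset. This is an added example, not part of the original message or thread; it uses nftables, and the interface names, the server address (taken from the IPv6 documentation prefix) and the permitted ports are assumptions.

```nftables
#!/usr/sbin/nft -f
# Constructed example: wan0/lan0, the server address and the ports are
# assumptions chosen for illustration.
define WAN = "wan0"
define LAN = "lan0"
define WEB_SERVER = 2001:db8:10::80

table inet edge {
    chain forward {
        # Default deny: anything not matched below is dropped, which is the
        # property people usually credit to NAT.
        type filter hook forward priority 0; policy drop;

        # Replies to flows the inside opened, and ICMP/ICMPv6 errors that
        # conntrack ties to those flows (e.g. packet-too-big).
        ct state established,related accept

        # Packets that match no known flow and cannot start one.
        ct state invalid drop

        # Inside hosts may open connections outward. This is what creates
        # the state that the first rule matches on the return path.
        iifname $LAN oifname $WAN accept

        # The operator's own policy decision: the one inside host that is a
        # valid target for unsolicited inbound connections, and on which ports.
        iifname $WAN oifname $LAN ip6 daddr $WEB_SERVER tcp dport { 80, 443 } accept

        # Everything else arriving from outside falls through to policy drop.
    }
}
```

No rule here rewrites a source or destination address, so inside hosts keep their global addresses end to end; which of them accept inbound connections is decided only by the last accept rule.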


