[149918] in North American Network Operators' Group
Re: Common operational misconceptions
daemon@ATHENA.MIT.EDU (Masataka Ohta)
Thu Feb 16 20:13:01 2012
Date: Fri, 17 Feb 2012 10:11:22 +0900
From: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
To: nanog@nanog.org
In-Reply-To: <CAJ0NkqhMpcrucK7twUYAX7FMzkF4ZoJX3cV5gLA36o5O-yBUJw@mail.gmail.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Andreas Echavez wrote:
> *Why disabling ICMP doesn't increase security and only hurts the web* *(path
> MTU discovery, diagnostics)
That PMTUD works is a misconception.
> *How NAT breaks end-to-end connectivity (fun one..., took me
> hours to explain to an old boss why doing NAT at the ISP level
> was horrendously wrong)
That's another misconception.
While NAT breaks the end to end connectivity, it can be
restored by end systems by reversing translations by NAT,
if proper information on the translations are obtained
through some protocol such as UPnP.
Masataka Ohta
