[149930] in North American Network Operators' Group


Re: Common operational misconceptions

daemon@ATHENA.MIT.EDU (Owen DeLong)
Thu Feb 16 23:50:32 2012

From: Owen DeLong <owen@delong.com>
In-Reply-To: <4F3DA93A.3060904@necom830.hpcl.titech.ac.jp>
Date: Thu, 16 Feb 2012 20:48:04 -0800
To: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On Feb 16, 2012, at 5:11 PM, Masataka Ohta wrote:

> Andreas Echavez wrote:
>
>> *Why disabling ICMP doesn't increase security and only hurts the web*
>> *(path MTU discovery, diagnostics)
>
> That PMTUD works is a misconception.
>

It actually works where people have not made active efforts to break it.

>> *How NAT breaks end-to-end connectivity (fun one..., took me
>> hours to explain to an old boss why doing NAT at the ISP level
>> was horrendously wrong)
>=20
> That's another misconception.
>
> While NAT breaks the end to end connectivity, it can be
> restored by end systems by reversing translations by NAT,
> if proper information on the translations are obtained
> through some protocol such as UPnP.
>

Sigh... NAT is a horrible hack that served us all too well in address
conservation. Beyond that, it is merely a source of pain.

Owen


