[150229] in North American Network Operators' Group


Re: Common operational misconceptions

daemon@ATHENA.MIT.EDU (Owen DeLong)
Sun Feb 19 19:30:51 2012

From: Owen DeLong <owen@delong.com>
In-Reply-To: <4F3F8C28.3090002@necom830.hpcl.titech.ac.jp>
Date: Sun, 19 Feb 2012 16:24:49 -0800
To: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On Feb 18, 2012, at 3:31 AM, Masataka Ohta wrote:

> David Barak wrote:
>
>>> From: Owen DeLong owen@delong.com
>>
>>> Sigh... NAT is a horrible hack that served us all too well in
>>> address conservation. Beyond that, it is merely a source of pain.
>>
>> I understand why you say that - NAT did yeoman's work in address
>> conservation. However, it also enabled (yes, really) lots of
>> topologies and approaches which are *not* designed upon the
>> end-to-end model. Some of these approaches have found their way
>> into business processes.
>
> I'm afraid both of you don't try to understand why NAT was
> harmful to destroy the end to end transparency nor the end
> to end argument presented in the original paper by Saltzer
> et al.:
>
>      The function in question can completely and correctly be
>      implemented only with the knowledge and help of the application
>      standing at the end points of the communication system. Therefore,
>      providing that questioned function as a feature of the
>      communication system itself is not possible.
>
> While plain NAT, which actively hides itself from end systems,
> which means there can be no "knowledge and help of the
> application" expected, is very harmful to the end to end
> transparency, it is possible to entirely neutralize the
> harmful effects by letting NAT boxes ask end systems for help.
>
>> An argument you and others have made many times boils down
>> to "but if we never had NAT, think how much better it
>> would be!"
>
> The reality is much better: NAT is not so harmful if NAT
> clients and gateways are designed properly to be able to
> reverse the harmful translations by NAT gateways.
>
> I have running code to make the reverse translations, with
> which protocols such as ftp with PORT commands are working.
>
> 					Masataka Ohta


No, I think you do not understand...

I have a NAT gateway with a single public address.

I have 15 FTP servers and 22 web servers behind it.

I want people to be able to go to ftp://<hostname> and/or http://<hostname> for each of them.

Please explain to me how your code solves this problem?

Yeah, thought so.

Owen
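To make the two positions in this exchange concrete, here is a toy NAT model added to this archive page; it is constructed for illustration and is not Ohta's "running code" nor anything from the thread. It assumes a single public address (203.0.113.1, a documentation address) and shows the PORT-command rewrite a gateway performs on outbound FTP, alongside the inbound port-forward collision that makes ftp://<hostname> for many servers behind one address impossible at the NAT itself.

```python
"""Constructed NAT model: one public address, a port-forward table, and an
FTP ALG that rewrites 'PORT h1,h2,h3,h4,p1,p2'.  Illustration only; not the
code discussed in the thread."""
import re

PUBLIC_IP = "203.0.113.1"        # constructed public address (TEST-NET-3)

class Nat:
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.inbound = {}          # public port -> (private ip, private port)
        self.next_port = 40000     # dynamic pool for outbound data channels

    def forward(self, public_port, private_ip, private_port):
        """Static port-forward; a public port can reach only one host."""
        if public_port in self.inbound:
            raise ValueError(f"public port {public_port} already maps to "
                             f"{self.inbound[public_port]}")
        self.inbound[public_port] = (private_ip, private_port)

    def rewrite_port_cmd(self, cmd):
        """FTP ALG: the client's PORT command names the private address and
        port it listens on for the data channel; the gateway substitutes its
        public address and an allocated port and records the mapping.  This
        is exactly the translation an end system would have to reverse."""
        m = re.fullmatch(r"PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)", cmd.strip())
        if not m:
            return cmd             # not a PORT command; pass through untouched
        h1, h2, h3, h4, p1, p2 = map(int, m.groups())
        priv_port = p1 * 256 + p2
        pub_port = self.next_port
        self.next_port += 1
        self.inbound[pub_port] = (f"{h1}.{h2}.{h3}.{h4}", priv_port)
        a, b, c, d = self.public_ip.split(".")
        return f"PORT {a},{b},{c},{d},{pub_port // 256},{pub_port % 256}"

def reachable_ftp_servers(nat, servers):
    """Try to expose each server as ftp://<public address> (port 21) and
    return those that succeeded.  Only the first can: the FTP control
    connection carries no hostname the gateway could dispatch on, so one
    public port 21 can belong to a single internal host."""
    exposed = []
    for host in servers:
        try:
            nat.forward(21, host, 21)
            exposed.append(host)
        except ValueError:
            pass
    return exposed
```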


