[151368] in North American Network Operators' Group
Re: shared address space... a reality!
daemon@ATHENA.MIT.EDU (Owen DeLong)
Fri Mar 16 17:23:13 2012
From: Owen DeLong <owen@delong.com>
In-Reply-To: <0FD4AD4C-88BE-4C7E-BDBC-D177A911A36A@firsthand.net>
Date: Fri, 16 Mar 2012 14:17:38 -0700
To: "cdel.firsthand.net" <cdel@firsthand.net>
Cc: nanog list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
It may be easy to sell, but it's also fictitious.
NAT is antithetical to security, not beneficial to it.
Owen
On Mar 16, 2012, at 1:21 PM, cdel.firsthand.net wrote:
> NAT at the edge is one thing as it gives an easy to sell security
> proposition for the board. But CGN controlled by whoever sitting between
> their NATs does the opposite.
>
> Christian de Larrinaga
>
> On 16 Mar 2012, at 19:35, William Herrin <bill@herrin.us> wrote:
>
>> On Fri, Mar 16, 2012 at 2:01 PM, Octavio Alvarez
>> <alvarezp@alvarezp.ods.org> wrote:
>>> On Tue, 13 Mar 2012 23:22:04 -0700, Christopher Morrow
>>> <christopher.morrow@gmail.com> wrote:
>>>> NetRange: 100.64.0.0 - 100.127.255.255
>>>> CIDR: 100.64.0.0/10
>>>> OriginAS:
>>>> NetName: SHARED-ADDRESS-SPACE-RFCTBD-IANA-RESERVED
>>>
>>> Weren't we supposed to *solve* the end-to-end connectivity problem,
>>> instead of just letting it live?
>>
>> "We" forgot to ask if all the stakeholders wanted it solved. Most
>> self-styled "enterprise" operators don't: they want a major control
>> point at the network border. Deliberately breaking end to end makes
>> that control more certain. Which is why they deployed IPv4 NAT boxen
>> long before address scarcity became an impactful issue.
>>
>> Regards,
>> Bill Herrin
>>
>> --
>> William D. Herrin ................ herrin@dirtside.com bill@herrin.us
>> 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
>> Falls Church, VA 22042-3004