[41371] in North American Network Operators' Group
Re: Where NAT disenfranchises the end-user ...
daemon@ATHENA.MIT.EDU (Jon Mansey)
Fri Sep 7 13:27:06 2001
From: Jon Mansey <jon_mansey@verestar.com>
To: nanog@merit.edu
Mime-Version: 1.0
Message-Id: <a05100320b7beb127c3c9@[10.200.186.50]>
In-Reply-To: <200109071630.QAA14585@vacation.karoshi.com>
Date: Fri, 7 Sep 2001 10:26:02 -0700
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Errors-To: owner-nanog-outgoing@merit.edu
It seems a pretty simple argument to me.
Do I want as many people using (and maybe _buying_, what a concept!)
my app as possible with the least amount of network clue and setup
headaches, or do I want to eliminate most of the corporate, SOHO,
cable, DSL, Linux population because I can't be bothered to develop my
app to be NAT-friendly?
Duh!
All the previous times this discussion has arisen here, I have
concluded that "real" IPs should only be owned and used by folks with
clue, everyone else gets a NATed IP. Discuss.
jm
> > > |> True... neither does a well-firewalled LAN.
>> >
>> > There is a substantial difference between broken access and controlled
>> > access.
>>
>> Yes, but there are plenty of apps that will not work if you do not leave
>> open large, arbitrary ranges of udp ports. This is fundamentally
>> incompatible with most sane firewalls. Or NAT.
>>
>> Why write a protocol that way? Just to prove NAT sucks?
>>
>> Charles
>
>
> No, because they were either written before NAT existed and
>tried hard to conform to the end2end principles of Internet Architecture
>or they were written after NAT existed and tried hard to conform to the
>end2end principles of Internet Architecture.
>
> NAT violates the end2end principles of the Internet Architecture
>by placing one or more policy abstraction layer(s) between the endpoints.
>
> That said, NAT is a tool in the tool box. I'd like to think that
>it's worth the effort to try and recover true end2end.
>
>--bill
--
jon_mansey@verestar.com Chief Science Officer
------------------------------------------------------------------
Verestar Networks, Inc. http://www.verestar.com
1901 Main St. tel (310) 382 3300
Santa Monica, California 90405 fax (310) 382 3310
------------------------------------------------------------------