In message <[EMAIL PROTECTED]>, Paul Ferguson typed:

 >>I wouldn't be so quick to characterize NAT as a "dead-end" technology.

i would.

NATs are classic short term optimisation kills long term benefit of
the right way of doing things. also:
for NATs to scale to deal with the global net completely they must be
globally coordinated - we have failed to deploy a single globally
coordinated _infra-structural_ service since the DNS - sure there's
lots of sitelocal servers (dhcp, time etc), and there's content
servers which may even deign to take part in proxy caching, and
there's intra-ISP servers.....but nothing inter-domain apart from DNS
really - and if NATs don't do this (and all the NATs to date don't so
they only deal with access-to-core which is an incy-wincy piece of the
problem in the LONG run), then something else will....whether IPv6
(best case scenario to date), or
application level relays with name based routes which would be a real
shame coz reliability, cheapness and security will all be unattainable
then too...
 
 >>Personally, I think NAT is just fine, but I'm a self-proclaimed cynic
 >>and also consider myself somewhat of a pragmatist. In any event, it
 >>works for me, but I could certainly be in the minority.

 >>I think most of the hoopla surrounding NAT's revolve around engineering
 >>purism. And I agree that statements that assert that NAT's provide some
 >>sort of "security through obscurity" are complete red herrings.

 >>Having said that, I ask you: What do you foresee as a realistic IPv6
 >>transition plan? Dual stacks? I don't see it happening, to tell you
 >>the truth. (Maybe this 6-in-4 stuff will actually help here.)


well, how about we just start to turn it on in some routers? - it works
in most host OSs now, dual stack, just fine.

the value of the net is the square of the number of people connected -
NAT is a square root function.

 >>The truth is that NAT's allow organizations to deploy machines in
 >>networks which otherwise would not have enough address space. To
 >>say that NAT's are unequivocally evil is unfair, methinks.
 >>
 >>- paul
 >>
 >>At 01:37 PM 11/30/1999 -0800, Tony Hain (Exchange) wrote:
 >>
 >>>Yes there are problems with protocols that carry addresses, but ignoring 
 >>>encrypted traffic that really amounts to acquiring and synchronizing 
 >>>deployments of ALGs. In the early stages this doesn't sound hard, but will 
 >>>vendors be willing to add new ALGs to 3 year old NAT hardware? Will they 
 >>>create an update process that is easy enough for the average user? Will 
 >>>the average user be able to figure out which NAT needs updating, and what 
 >>>version it needs? Add the fact that people want to encrypt their traffic 
 >>>for privacy, and one wonders why so much effort is spent on this dead-end 
 >>>technology.
 >>

 cheers

   jon
