On 10/21/2010 8:38 PM, Owen DeLong wrote:
> Given the number of times and the distance over which I have seen RFC-1918
> routes propagate, this belief is false to begin with, so, removing this false
> sense of security is not necessarily a bad thing.

I don't think it's really a propagation issue. As the ISP, I don't
actually route RFC-1918 space to my corporate customers, many of which
maintain static assignments (no routing protocol). While they can leak
packets out, there will never be a return of packets to them. They view
this as a feature.

> The tragedy won't be networks deploying NAT. I'm all for allowing you to buy
> a gun, ammunition, and aim at your foot or head as you wish.
> The tragedy will be if enough networks do this to hobble development of truly
> useful tools that depend on a NAT-free environment to work.

I think we should respect the different types of networks, and their
administrative goals. I have customers who manage large educational
networks. Their engineers have a strong belief in free speech and
openness. They have very few filters, don't utilize NAT, and have a
reactionary security policy. I also have corporate customers who run
extreme NAT, don't allow access to social network sites, proxy every
communication in and out, and generally don't care that they break 90%+
of the applications that work over the Internet, especially when it's
not business related.

That being said, I've seen corporate networks change, altering their
security policy and the way they do things in order to support
applications which they desire. So I wouldn't be surprised if a tight
NAT dwelling network suddenly shifted to routing global addressing to
meet new application needs.

Jack