North American Network Operators Group


Virtues of NAT (was Re: Cable Modem [really more about PPPoE])

  • From: Jim Shankland
  • Date: Mon Jun 25 18:03:22 2001

You write:

> NAT breaks end-to-end.  NAT is evil.  NAT is a sign of weakness.
> NAT only exists because we have failed in providing a secure
> network with virtually infinite addresses.  NAT is a sign of shame
> for every self-respecting Internet Engineer.  

NAT is good.  I don't necessarily *want* end-to-end.  I don't want to
give the world IP-level access to the thermostat in my refrigerator,
nor do I want to burden my refrigerator with encryption/authentication
software.  Within my house, I'm happy to be able to read and change
the refrigerator's thermostat with an unauthenticated UDP datagram.
This is not an unusual situation.  Does GE (say) need or want every
desktop PC and laser printer in the corporation to be globally
addressable?  (Yes, I know they have 3.0.0.0/24; how many of those
addresses are pingable -- or will respond in any way to a packet
from outside GE?)

The usual response to this argument is to point out (correctly) that
NAT is neither necessary nor sufficient for such an arrangement.
True, but it's a natural way of expressing it.  Think of NAT as the
address space analogue of DNS domains: refrigerator.shankland.org is
not the same as refrigerator.gwi.net.  My world (a fairly
security-conscious one) is naturally organized into multiple address
spaces, with well-specified and well-controlled access paths between them.
I could implement this world on a global, flat address space; but why
would I want to?  The fact that using NAT also leads to massive
conservation of the dwindling IPv4 address space is a nice bonus :-).

Jim Shankland
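An added illustration of the "neither necessary nor sufficient" point in the post above (example code written for this page, not Jim's or NANOG's): a toy port-overloading NAT gateway, with constructed addresses (fridge 10.0.0.7, gateway 198.51.100.1, remote hosts in 203.0.113.0/24) and hypothetical class and method names. It shows that an unsolicited packet to the thermostat is dropped only because no mapping exists for it, that the same admission test needs no address rewriting at all, and that a static port forward removes the protection entirely.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class NaptGateway:
    """Port-overloading NAT as a home gateway does it (hypothetical class)."""
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip, self.next_port = public_ip, first_port
        self.table = {}  # nat_port -> (inside_ip, inside_port, remote_ip, remote_port)

    def outbound(self, pkt: Packet) -> Packet:
        nat_port, self.next_port = self.next_port, self.next_port + 1
        self.table[nat_port] = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        return replace(pkt, src=self.public_ip, sport=nat_port)  # rewrite source

    def forward(self, public_port: int, inside_ip: str, inside_port: int) -> None:
        """Static port forward / 'DMZ host': any peer may use it, so NAT alone
        no longer hides the device (the 'not sufficient' half)."""
        self.table[public_port] = (inside_ip, inside_port, None, None)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        # The admission test is "is this the reverse of a flow we saw go out?";
        # it never depends on the rewrite, so a stateful filter on a routed,
        # globally addressed subnet enforces the same policy (the 'not necessary' half).
        entry = self.table.get(pkt.dport) if pkt.dst == self.public_ip else None
        if entry is None:
            return None  # unsolicited packet: no mapping, dropped
        in_ip, in_port, remote_ip, remote_port = entry
        if remote_ip and (pkt.src, pkt.sport) != (remote_ip, remote_port):
            return None  # dynamic mapping: only the original peer may answer
        return replace(pkt, dst=in_ip, dport=in_port)

def demo():
    """Constructed traffic: fridge 10.0.0.7 behind gateway 198.51.100.1."""
    gw = NaptGateway("198.51.100.1")
    out = gw.outbound(Packet("10.0.0.7", 5000, "203.0.113.9", 123))  # fridge asks NTP
    reply = gw.inbound(Packet("203.0.113.9", 123, "198.51.100.1", out.sport))
    stranger = gw.inbound(Packet("203.0.113.66", 6000, "198.51.100.1", out.sport))
    gw.forward(7777, "10.0.0.7", 7777)  # admin 'opens' the thermostat port
    exposed = gw.inbound(Packet("203.0.113.66", 6000, "198.51.100.1", 7777))
    return out, reply, stranger, exposed
```

`demo()` returns the translated outbound packet, the translated NTP reply, `None` for the stranger's packet, and the stranger's packet delivered to the fridge once the port is forwarded.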