Tony,

I wouldn't be so quick to characterize NAT as a "dead-end" technology.

Personally, I think NAT is just fine, but I'm a self-proclaimed cynic
and also consider myself somewhat of a pragmatist. In any event, it
works for me, but I could certainly be in the minority.

I think most of the hoopla surrounding NATs revolves around engineering
purism. And I agree that statements that assert that NATs provide some
sort of "security through obscurity" are complete red herrings.

Having said that, I ask you: What do you foresee as a realistic IPv6
transition plan? Dual stacks? I don't see it happening, to tell you
the truth. (Maybe this 6-in-4 stuff will actually help here.)

The truth is that NATs allow organizations to deploy machines in
networks which otherwise would not have enough address space. To
say that NATs are unequivocally evil is unfair, methinks.

- paul

At 01:37 PM 11/30/1999 -0800, Tony Hain (Exchange) wrote:

>Yes there are problems with protocols that carry addresses, but ignoring 
>encrypted traffic that really amounts to acquiring and synchronizing 
>deployments of ALGs. In the early stages this doesn't sound hard, but will 
>vendors be willing to add new ALGs to 3 year old NAT hardware? Will they 
>create an update process that is easy enough for the average user? Will 
>the average user be able to figure out which NAT needs updating, and what 
>version it needs? Add the fact that people want to encrypt their traffic 
>for privacy, and one wonders why so much effort is spent on this dead-end 
>technology.
