> Keith,
> 
> It has been my experience that many of the current network admins
> today believe NAT is the de facto way of connecting to the Internet.
> In fact, in one of the network classes I teach, it takes a lot of
> convincing on my part to show that NAT offers them very little security.
> Most net admins today have only seen a world through NAT eyes so they
> don't see the benefits of not having it.

As I've seen a lot of this kind of thinking even in IETF, I have no 
trouble at all believing it exists elsewhere.

But people can learn over time, even without a killer app.  Of course
the problem with NAT is that it inhibits the spread of killer apps -
people will never see useful new applications that could run without
NATs because NATs prevent them from having a chance to try them out.
For me, the entire motivation behind 6to4 was to give people a way to
deploy new kinds of apps without first having to upgrade the infrastructure -
the biggest hurdle being to get rid of NATs.

> If you want people to live in a world without NAT, I think you have
> to have the killer application that simply will not function properly
> with it.  This is much more difficult than it sounds.  As hard as
> people like the IETF try, many new network protocols will continue
> to fail if 1) legacy applications are not supported or 2) killer
> applications are not available to drive the demand.

My goals are more modest than that.  I accept that NAT will be a fixture
in IPv4 forever, and that IPv4 will be used to support important legacy 
apps for a long time, maybe 20 more years.  But I'm trying to get folks 
in IETF to recognize the problems with NATs (you have to start somewhere),
I'm trying to get us to strongly discourage NATs in IPv6, and I'm trying
to get us to develop technically sound alternatives to the problems that
NATs purport to solve.

Keith
