NAT at the edge is one thing as it gives an easy to sell security proposition for the board. But CGN controlled by whoever sitting between their NATs does the opposite.
Christian de Larrinaga On 16 Mar 2012, at 19:35, William Herrin <[email protected]> wrote: > On Fri, Mar 16, 2012 at 2:01 PM, Octavio Alvarez > <[email protected]> wrote: >> On Tue, 13 Mar 2012 23:22:04 -0700, Christopher Morrow >> <[email protected]> wrote: >>> NetRange: 100.64.0.0 - 100.127.255.255 >>> CIDR: 100.64.0.0/10 >>> OriginAS: >>> NetName: SHARED-ADDRESS-SPACE-RFCTBD-IANA-RESERVED >> >> Weren't we supposed to *solve* the end-to-end connectivity problem, >> instead of just letting it live? > > "We" forgot to ask if all the stakeholders wanted it solved. Most > self-styled "enterprise" operators don't: they want a major control > point at the network border. Deliberately breaking end to end makes > that control more certain. Which is why they deployed IPv4 NAT boxen > long before address scarcity became an impactful issue. > > Regards, > Bill Herrin > > > -- > William D. Herrin ................ [email protected] [email protected] > 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> > Falls Church, VA 22042-3004 >
