Re: NATs *ARE* evil!

2000-12-22 Thread V Guruprasad
{I had written:} | from label switching, so what I'm suggesting is that we take the bull by | the horns once and for all and run MPLS over IP instead of under it... an mplsd-like tag fits neatly in the first half of an ipvsux destination address, although there are other places in the

Re: NATs *ARE* evil!

2000-12-22 Thread V Guruprasad
IMHO what we need to change is the *implicit* association between "host" related identifiers and "network topology" related identifiers - so that coders treat them as separate entities, and provide a way for the two to be different at the IP layer - while still allowing the optimization to

Re: NATs *ARE* evil!

2000-12-22 Thread Keith Moore
IMHO what we need to change is the *implicit* association between host related identifiers and network topology related identifiers - so that coders treat them as separate entities, and provide a way for the two to be different at the IP layer - while still allowing the optimization to

Re: NATs *ARE* evil!

2000-12-22 Thread V Guruprasad
thank you, I think you've advertised this draft quite adequately for the time being. I'm quite willing to look at it, but there are numerous Thanks! now I will relax and go home :) every possible alternative architecture to conclude that (a) most or all of these identifiers are

Re: NATs *ARE* evil!

2000-12-21 Thread Harald Alvestrand
At 09:47 19/12/2000 -0800, Mike Fisk wrote: It's an argument of semantics, but I prefer to say that we're separating transport-layer end-to-end from application-layer end-to-end. Make applications explicitly terminate transport connections at gateways. So what is now a connection from me to you

Re: NATs *ARE* evil!

2000-12-21 Thread Mike Fisk
On Thu, 21 Dec 2000, Harald Alvestrand wrote: At 09:47 19/12/2000 -0800, Mike Fisk wrote: It's an argument of semantics, but I prefer to say that we're separating transport-layer end-to-end from application-layer end-to-end. Make applications explicitly terminate transport connections at

Re: NATs *ARE* evil!

2000-12-21 Thread Matt Holdrege
Excellent. We've agreed that IPv6's problems are a subset of IPv4's. From: Randy Bush [EMAIL PROTECTED] unfortunately, we have not shown it is a proper subset. e.g. the larger address space may exacerbate issues already causing problems in v4, such as the increasing number of routes.

Re: NATs *ARE* evil!

2000-12-21 Thread V Guruprasad
On Thu, 21 Dec 2000, Mike Fisk wrote: Yes, I was being slightly more general to include other gateways that don't necessarily operate at the application layer: TCP-splicing/spoofing, NAT, SOCKS, etc. The problem is that the protocol mechanisms to discover and use these gateways are

Re: NATs *ARE* evil!

2000-12-21 Thread Sam Liang
On Thu, 21 Dec 2000, Mike Fisk wrote: Yes, I was being slightly more general to include other gateways that don't necessarily operate at the application layer: TCP-splicing/spoofing, NAT, SOCKS, etc. The problem is that the protocol mechanisms to discover and use these

Re: NATs *ARE* evil!

2000-12-21 Thread Fred Baker
At 02:19 PM 12/14/00 -0500, [EMAIL PROTECTED] wrote: I haven't decided which of the four NAT should be blamed on. let's be fair. There was an excellent reason for NAT at the time. Postel suggested that private address spaces could be used rather than assigning precious IP Address space to

Re: NATs *ARE* evil!

2000-12-21 Thread Fred Baker
At 02:54 PM 12/14/00 -0500, Tony Dal Santo wrote: What exactly is the state of the IPv4 "address pool"? I realize there is a PERCEIVED shortage, and this is usually the main motivation for NAT. But is there a real shortage? Are "reasonable" requests for addresses being denied? The way I

Re: NATs *ARE* evil!

2000-12-21 Thread Fred Baker
At 04:41 PM 12/21/00 -0800, Fred Baker wrote: Unfortunately, the world is not internet-attached. Western Europe is, the US and Canada are, Australia is, Taiwan has Internet in every public library (I'm told). It comprises populations in the 1 billion person ballpark. There are some pretty

Re: NATs *ARE* evil!

2000-12-21 Thread Sean Doran
| from label switching, so what I'm suggesting is that we take the bull by | the horns once and for all and run MPLS over IP instead of under it... an mplsd-like tag fits neatly in the first half of an ipvsux destination address, although there are other places in the vsux header you can put

Re: NATs *ARE* evil!

2000-12-21 Thread Fred Baker
At 02:11 AM 12/22/00 +0100, Sean Doran wrote: an mplsd-like tag fits neatly in the first half of an ipvsux destination address, although there are other places in the vsux header you can put tag bits if you're inclined to do so for stacking reasons or whatnot. actually, I should think the flow

Re: NATs *ARE* evil!

2000-12-20 Thread V Guruprasad
On Wed, 20 Dec 2000, John Stracke wrote: Why don't you read the I-D I did. Then you'd see that the invisibility refers to that of the server host, as follows: The client sees only the service name binding in the form of the URL, but what it gets as the data path is a virtual path (or LSP)

Re: NATs *ARE* evil^H^H^H^Hmpls!

2000-12-20 Thread Jon Crowcroft
one of nature's great dualities: statefulness will take root in the most barren soil, even though datagrams will try to route around it j though if nat speak unto nat, then ipv6 be born

Re: NATs *ARE* evil!

2000-12-19 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], "Theodore Y. Ts'o" writes : Date: Mon, 18 Dec 2000 14:45:08 -0800 (PST) From: Mike Fisk [EMAIL PROTECTED] Gateways that surreptitiously modify packets can break ANY end-to-end protocol no matter what layer it's at. Assume that we sacrifice IP

Re: NATs *ARE* evil!

2000-12-19 Thread Ken Raeburn
"Theodore Y. Ts'o" [EMAIL PROTECTED] writes: Kerberos tried to deal with this problem by talking about "canonical domain name", which it tried to define as being the name that you got when you took a DNS name, forward resolved it to get an A address, and then reverse-resolved it to get a DNS

Re: NATs *ARE* evil!

2000-12-19 Thread Matt Crawford
If DNSSEC were deployed, I see no reason why SAs could not be bound to domain names. Well, there are all those load-distributing hacks -- Akamai and others. But I bet they could come up with a huge flesh-tone bandaid so you would continue not to notice. On a good day.

Re: NATs *ARE* evil!

2000-12-19 Thread Keith Moore
there is no such thing as a "canonical domain name" for a host. Kerberos tried to invent such a concept, but it didn't work all that well. I would much rather have some real IP-level endpoint identifier. If that's what we're securing, that's what we should be using. mumble. as far as I can

Re: NATs *ARE* evil!

2000-12-19 Thread Bill Sommerfeld
If DNSSEC were deployed, I see no reason why SAs could not be bound to domain names. I disagree. IPSEC is about Security at the IP layer, and that means we need a security association which is tied to an object which is addressable at the IP layer --- an IP address. except that,

Re: NATs *ARE* evil!

2000-12-19 Thread Francis Dupont
In your previous mail you wrote: While I wouldn't go quite that far, I've been saying for years that the IP header doesn't need any authentication if we have IPsec. = this is not true for IPv6 extension headers or IPv4 options. ... in a note explaining why I thought AH was useless

Re: NATs *ARE* evil!

2000-12-19 Thread V Guruprasad
Hi Keith! On Tue, 19 Dec 2000, Keith Moore wrote: mumble. as far as I can tell, both DNS names and IP addresses are hopelessly overloaded and are likely to stay that way until we figure out how to make a major architectural change. Could you please take a look at

Re: NATs *ARE* evil!

2000-12-19 Thread Theodore Y. Ts'o
From: Ken Raeburn [EMAIL PROTECTED] Date: 19 Dec 2000 09:02:52 -0500 "Theodore Y. Ts'o" [EMAIL PROTECTED] writes: Kerberos tried to deal with this problem by talking about "canonical domain name", which it tried to define as being the name that you got when you took a DNS

Re: NATs *ARE* evil!

2000-12-19 Thread Mike Fisk
On Tue, 19 Dec 2000, Theodore Y. Ts'o wrote: Date: Mon, 18 Dec 2000 14:45:08 -0800 (PST) From: Mike Fisk [EMAIL PROTECTED] Gateways that surreptitiously modify packets can break ANY end-to-end protocol no matter what layer it's at. Assume that we sacrifice IP addresses as

Re: NATs *ARE* evil!

2000-12-19 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Mike Fisk writes: The marginal value I see in IPsec is that it is useful for protocols other than TCP. For TCP applications, I confess that I don't see much value in IPsec (not that TLS has any particular merits, it just became more common first). Why do I

Re: NATs *ARE* evil!

2000-12-19 Thread Jon Knight
On Tue, 19 Dec 2000, V Guruprasad wrote: Could you please take a look at draft-guruprasad-addressless-internet-00.txt ? I've just started to read it and in 1.1 it says: "- requiring e2e network knowledge (omniscience) at each node in the form of e2e routing tables (Section

Re: NATs *ARE* evil!

2000-12-19 Thread Theodore Y. Ts'o
Date: Tue, 19 Dec 2000 11:20:23 -0500 From: V Guruprasad [EMAIL PROTECTED] On Tue, 19 Dec 2000, Keith Moore wrote: mumble. as far as I can tell, both DNS names and IP addresses are hopelessly overloaded and are likely to stay that way until we figure out how to make a

Re: NATs *ARE* evil!

2000-12-19 Thread Keith Moore
Steve Bellovin, on IPSEC, not-AH: | [A] host's identity is represented by its certificate (I'm speaking a bit | loosely here); its IP address is merely the way that packets reach it. This is an example of two separate namespaces that allow one to distinguish between "who" and "where".

Re: NATs *ARE* evil!

2000-12-19 Thread V Guruprasad
On Tue, 19 Dec 2000, Jon Knight wrote: are on and what the address of their gateway router is. Not exactly what I'd call omniscience. All right, I confess, I'm not perfect in summarising the existing art and relating to it (yet). I promise to gratefully acknowledge comments such as these

Re: NATs *ARE* evil!

2000-12-19 Thread V Guruprasad
On Tue, 19 Dec 2000, Mike Fisk wrote: explosion. So over time there becomes an established club of roots and everybody else has to be a child. That creates a monopolistic situation where you have to pay a root node for transit. It could work, but it sounds worse than the existing DNS

Re: NATs *ARE* evil!

2000-12-19 Thread V Guruprasad
On Tue, 19 Dec 2000, Mike Fisk wrote: It's one thing to hand out addresses or names. It's another thing to run a top-level routing server that all of your children customers have to route through to get to other top-level providers. Your mapping between the two would imply that, for

Re: NATs *ARE* evil!

2000-12-19 Thread John Stracke
V Guruprasad wrote: of virtual memory is that it makes it easier for the user (well, programmer) by hiding the nasty details of which physical address your IMHO, hiding is not the primary function of virtual memory addressing, On the contrary. Hiding the details from the programmer means

Re: NATs *ARE* evil!

2000-12-18 Thread Sean Doran
Keith Moore writes: | but I'm fairly convinced that we are *far* better off with a global | name space for network attachment points, which are exposed and | visible to hosts and applications, than we are with only locally | scoped addresses visible to hosts and applications Out of curiosity,

Re: NATs *ARE* evil!

2000-12-18 Thread Kevin Farley
--- Sean Doran [EMAIL PROTECTED] wrote: Keith Moore writes: | but I'm fairly convinced that we are *far* better off with a global | name space for network attachment points, which are exposed and | visible to hosts and applications, than we are with only locally | scoped addresses visible

Re: NATs *ARE* evil!

2000-12-18 Thread Tony Dal Santo
Perry E. Metzger wrote: They can't avoid it. They need to get their work done. They have no way of getting registered addresses. They're told to use NAT by organizations like ARIN, and so they do the only thing they can. I have a hard time believing ARIN is telling people to use NAT, when

Re: NATs *ARE* evil!

2000-12-18 Thread Jeffrey Altman
You know, concerns over global name spaces and architectural purity are valid to the engineer/operator. But to Joe User who just got his first cable modem and got rid of AOL, he just wants to connect his computer to the Internet. Then he wants to share that connection with his kids'

Re: NATs *ARE* evil!

2000-12-18 Thread Theodore Y. Ts'o
From: "Perry E. Metzger" [EMAIL PROTECTED] Date: 17 Dec 2000 13:32:03 -0500 It certainly takes more. The amount of NAT equipment out there is astonishing, and as I said at the plenary, people are starting to pay Real Money (as in millions a year) in large organizations to keep the

Re: NATs *ARE* evil!

2000-12-18 Thread Theodore Y. Ts'o
Date: Fri, 15 Dec 2000 19:44:18 +0100 (CET) From: [EMAIL PROTECTED] (Sean Doran) | It's already happening. Try running IPSec from one 10 network to | another 10 network. Much pain. Surely the "much pain" is because, as Melinda Shore indicates, some "anti-NAT fanatics"

Re: NATs *ARE* evil!

2000-12-18 Thread Geoff Huston
At 12/18/00 01:07 PM -0500, Theodore Y. Ts'o wrote: The flaw in your argument is that you're assuming that the only reason to do NAT is because of the address space problem. My concern is that it may turn out that some transport/routing people may conclude that we may also need to do NAT to

Re: NATs *ARE* evil!

2000-12-18 Thread Geoff Huston
At 12/18/00 01:07 PM -0500, Theodore Y. Ts'o wrote: The flaw in your argument is that you're assuming that the only reason to do NAT is because of the address space problem. My concern is that it may turn out that some transport/routing people may conclude that we may also need to do NAT to

Re: NATs *ARE* evil!

2000-12-18 Thread Matt Crawford
What is technically wrong with v6 that isn't already technically wrong with v4? Thank you, Perry, you've put it in a nutshell. Noel Excellent. We've agreed that IPv6's problems are a subset of IPv4's. Now until we have a concrete design proposal for a perfect world, can

Re: NATs *ARE* evil!

2000-12-18 Thread John Collis
"Theodore Y. Ts'o" [EMAIL PROTECTED] writes: It would be *awfully* convenient if we declare up front that something is the "end point identifier" (i.e., "who"), and is forever exempt from being changed by intermediate routing entities, and if necessary, something else is the routing component

Re: NATs *ARE* evil!

2000-12-18 Thread Mike Fisk
On Mon, 18 Dec 2000, Theodore Y. Ts'o wrote: My concern is that it may turn out that some transport/routing people may conclude that we may also need to do NAT to solve the routing problem. In which case, we're back to where we started. I'd feel a lot better if we could get key

Re: NATs *ARE* evil!

2000-12-18 Thread Randy Bush
Excellent. We've agreed that IPv6's problems are a subset of IPv4's. unfortunately, we have not shown it is a proper subset. e.g. the larger address space may exacerbate issues already causing problems in v4, such as the increasing number of routes. and i am not 'taunting' but trying to see

RE: NATs *ARE* evil!

2000-12-18 Thread RJ Atkinson
At 13:44 15/12/00, Sean Doran wrote: Surely the "much pain" is because, as Melinda Shore indicates, some "anti-NAT fanatics" cannot understand the distinction between "who" and "where"? I fancy that I know one or two things about ESP and AH. Your analysis is Wrong. The pain has

Re: NATs *ARE* evil!

2000-12-18 Thread RJ Atkinson
At 17:39 18/12/00, John Collis wrote: This is true. To do this though really requires some re-architecting of the current Internet model, based on "first principles". Yes. In particular, there is not a sufficient "name space" for what we are often currently trying to do - hence the

Re: NATs *ARE* evil!

2000-12-18 Thread Donald E. Eastlake 3rd
If DNSSEC were deployed, I see no reason why SAs could not be bound to domain names. Donald From: RJ Atkinson [EMAIL PROTECTED] Message-Id: [EMAIL PROTECTED] Date: Mon, 18 Dec 2000 20:45:43 -0500 To: [EMAIL PROTECTED] (Sean Doran) Cc: [EMAIL PROTECTED] In-Reply-To: [EMAIL PROTECTED]

Re: NATs *ARE* evil!

2000-12-18 Thread Valdis . Kletnieks
On Mon, 18 Dec 2000 22:54:47 EST, "Donald E. Eastlake 3rd" [EMAIL PROTECTED] said: If DNSSEC were deployed, I see no reason why SAs could not be bound to domain names. I admit to not having read the DNSSEC RFCs. I however do hope that they are immune to the same sort of attacks against SSL

Re: NATs *ARE* evil!

2000-12-18 Thread Donald E. Eastlake 3rd
DNSSEC is still evolving, it isn't deployed yet, and the right mailing lists to discuss it are the DNSEXT and DNSOP working groups. However, to give a really brief answer, if your local resolver is unwilling to do the full blown DNSSEC cryptography and just wants to trust that the local

Re: NATs *ARE* evil!

2000-12-18 Thread J. Noel Chiappa
From: Geoff Huston [EMAIL PROTECTED] part of the characteristics of today's Internet is that it is flattening out. The concept of hierarchical connectivity with 'upstreams' and 'downstreams' ... as I understand the current deployment plan there are TLAs and sub TLAs,

Re: NATs *ARE* evil!

2000-12-18 Thread Theodore Y. Ts'o
Date: Mon, 18 Dec 2000 22:54:47 -0500 From: "Donald E. Eastlake 3rd" [EMAIL PROTECTED] If DNSSEC were deployed, I see no reason why SAs could not be bound to domain names. I disagree. IPSEC is about Security at the IP layer, and that means we need a security association which is

Re: NATs *ARE* evil!

2000-12-18 Thread Theodore Y. Ts'o
Date: Mon, 18 Dec 2000 14:45:08 -0800 (PST) From: Mike Fisk [EMAIL PROTECTED] Gateways that surreptitiously modify packets can break ANY end-to-end protocol no matter what layer it's at. Assume that we sacrifice IP addresses as not necessarily end-to-end. Fine, there are

Re: NATs *ARE* evil!

2000-12-17 Thread Perry E. Metzger
[EMAIL PROTECTED] (Sean Doran) writes: Perry Metzger writes: | Maybe because I hear from folks like you and others that you're | ideologically opposed to deploying v6 instead of against it for | technical reasons? You have never heard this from me. I have no doubt whatsoever that you

Re: NATs *ARE* evil!

2000-12-17 Thread Jon Crowcroft
I understand that there are pressures to do multihoming, but I just don't see how NAT (i.e. address sharing) is having much effect one way or the other on the intensity of the pressure to do multi-homing. NATs allow users to be irresponsible about the addressing since they don't require you

Re: NATs *ARE* evil!

2000-12-17 Thread J. Noel Chiappa
From: "Perry E. Metzger" [EMAIL PROTECTED] What is technically wrong with v6 that isn't already technically wrong with v4? Thank you, Perry, you've put it in a nutshell. Noel

Re: NATs *ARE* evil!

2000-12-17 Thread Keith Moore
to make v6 work takes end users more work than v4 if "v4" includes dealing with an increasingly severe shortage of address space (which sooner or later implies forced renumbering) and/or tying together multiple NATted networks, it's not at all clear that this takes less work than v6. Keith

Re: NATs *ARE* evil!

2000-12-17 Thread J. Noel Chiappa
From: Bradley Dunn [EMAIL PROTECTED] I do think that there is a definite causal relationship between the address space shortage and the number of prefixes in the routing tables. People who allocate addresses .. use slow-start algorithms in their allocation policies due

Re: NATs *ARE* evil!

2000-12-17 Thread Perry E. Metzger
Keith Moore [EMAIL PROTECTED] writes: to make v6 work takes end users more work than v4 if "v4" includes dealing with an increasingly severe shortage of address space (which sooner or later implies forced renumbering) and/or tying together multiple NATted networks, it's not at all

Re: NATs *ARE* evil!

2000-12-17 Thread RJ Atkinson
At 13:32 17/12/00, Perry E. Metzger wrote: It is true that v6 qua v6 does not solve the route explosion problem. It is also true that the route explosion problem is a real problem. However, it doesn't make it worse, either. From an operator perspective, supporting *2* IP protocols is

Re: NATs *ARE* evil!

2000-12-17 Thread Keith Moore
The vitriol that will be poured on this is from reactionaries who seek to preserve the indistinction between who and where, I don't know anyone who seeks to preserve this indistinction; however, I know several folks who are realistic about the difficulties of separating the two. and who

Re: NATs *ARE* evil!

2000-12-17 Thread J. Noel Chiappa
From: Keith Moore [EMAIL PROTECTED] if you try to build a global network out of limited-scope addresses you eventually end up reinventing IP at a higher layer. Err, did you perhaps mean "end up reinventing globally unique addresses somewhere else in the system"? :-)

Re: NATs *ARE* evil!

2000-12-17 Thread Sean Doran
Keith Moore writes: | if you try to build a global network out of limited-scope addresses | you eventually end up reinventing IP at a higher layer. Correct, that's (some of) the point of CATNIP (RFC 1707): you construct a network layer out of a virtual superset of the component internets'

Re: NATs *ARE* evil!

2000-12-17 Thread Bradley Dunn
At 12:37 PM 12/17/2000 -0500, J. Noel Chiappa wrote: It's hard to put numbers on it without knowing what %-age of sites which are already globally advertised has more than one prefix, and how fast that number is growing. However, looking at the routing table growth (it has doubled in about 3

Re: NATs *ARE* evil!

2000-12-17 Thread J. Noel Chiappa
From: "Perry E. Metzger" [EMAIL PROTECTED] Several layers of NAT has become common This I have a hard time fathoming - not that I'm doubting that people do it, mind. I mean, I can understand it is a temporary thing, e.g. if one company buys another, and in gluing the networks

Re: NATs *ARE* evil!

2000-12-17 Thread Angelos D. Keromytis
In message [EMAIL PROTECTED], "J. Noel Chiappa" writes : I mean, once you're behind a NAT box, you've got a *lot* of addresses to play with (how many, exactly, depends on how you're doing it). This is puzzling to me - what configurations are there out there that demand more address space,

Re: NATs *ARE* evil!

2000-12-17 Thread Perry E. Metzger
"J. Noel Chiappa" [EMAIL PROTECTED] writes: From: "Perry E. Metzger" [EMAIL PROTECTED] Several layers of NAT has become common This I have a hard time fathoming - not that I'm doubting that people do it, mind. Imagine a large number of companies talking to each other -- the

Re: NATs *ARE* evil!

2000-12-17 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], "J. Noel Chiappa" writes : I mean, I can understand it is a temporary thing, e.g. if one company buys another, and in gluing the networks together they temporarily leave the bought company behind a NAT, but interface it to the world via the main corporation's

Re: NATs *ARE* evil!

2000-12-17 Thread Keith Moore
if you try to build a global network out of limited-scope addresses you eventually end up reinventing IP at a higher layer. Err, did you perhaps mean "end up reinventing globally unique addresses somewhere else in the system"? :-) No. I considered whether reinventing something

Re: NATs *ARE* evil!

2000-12-17 Thread Daniel Senie
"Steven M. Bellovin" wrote: In message [EMAIL PROTECTED], "J. Noel Chiappa" writes : I mean, I can understand it is a temporary thing, e.g. if one company buys another, and in gluing the networks together they temporarily leave the bought company behind a NAT, but interface it to the

Re: NATs *ARE* evil!

2000-12-16 Thread Perry E. Metzger
[EMAIL PROTECTED] (Sean Doran) writes: I should have waited until Perry had spoken, because now that he has pointed out the extreme cost of NAT, I have seen the light! NATs are expensive. They have gross side-effects. Even Noel Chiappa, my guru, says that they are an architectural hack.

Re: NATs *ARE* evil!

2000-12-16 Thread J. Noel Chiappa
From: "Perry E. Metzger" [EMAIL PROTECTED] you're ideologically opposed to deploying v6 instead of against it for technical reasons? Ah, *that's* what's wrong with IPv6 - it doesn't pay enough attention to control of the means of production by the workers. And here I was, all

Re: NATs *ARE* evil!

2000-12-16 Thread Sean Doran
Perry Metzger writes: | Maybe because I hear from folks like you and others that you're | ideologically opposed to deploying v6 instead of against it for | technical reasons? You have never heard this from me. I have no doubt whatsoever that you have heard this from others speaking about me.

Re: NATs *ARE* evil!

2000-12-16 Thread Sean Doran
I looked again. Perry Metzger still writes: | So, I have to wonder, why is it that they have no option? | | Maybe because I hear from folks like you and others that you're | ideologically opposed to deploying v6 instead of against it for | technical reasons? Wait, it's because of *me* that

Re: NATs *ARE* evil!

2000-12-16 Thread J. Noel Chiappa
From: Geoff Huston [EMAIL PROTECTED] There are strong indications that NAT is one factor behind this part of the BGP table. I'm afraid I'm missing the logic here. As you point out below, NAT's may have caused people to use *smaller* blocks of the global address space: much

Re: NATs *ARE* evil!

2000-12-16 Thread Keith Moore
the fact that IPv* doesn't distinguish between who and where does cause some problems, but does not significantly impact the ability to route IPv* packets. even if you free IP addresses from any kind of role as host identity (which IMHO would be a good thing except that nobody has produced a

Re: NATs *ARE* evil!

2000-12-16 Thread Geoff Huston
At 12/16/00 10:02 PM -0500, J. Noel Chiappa wrote: From: Geoff Huston [EMAIL PROTECTED] There are strong indications that NAT is one factor behind this part of the BGP table. I'm afraid I'm missing the logic here. As you point out below, NAT's may have caused people to use

Re: NATs *ARE* evil!

2000-12-16 Thread J. Noel Chiappa
From: Geoff Huston [EMAIL PROTECTED] [NAT's] shouldn't have any effect on the *number* of [address] blocks (i.e. things which can potentially produce global routing table entries). ... So the number of distinct "local areas" is still the same, yes? And NAT's

Re: NATs *ARE* evil!

2000-12-15 Thread Keith Moore
the problems with NAT are not generally due to implementation. they are inherent in the very idea of NAT, which destroys the global Internet address space. Keith

Re: NATs *ARE* evil!

2000-12-15 Thread Keith Moore
How does the idea of NAT destroy the global Internet address space? because in a NATted network the same addresses are used in different parts of the network. addresses are meaningless.

Re: NATs *ARE* evil!

2000-12-15 Thread Brian E Carpenter
Frank Solensky wrote: Brian E Carpenter wrote: Frank, This is goodness. Can I ask that you publish the *method* before you publish any results? I have seen various attempts to tackle this in the past, and they have all given results that are very hard to interpret and whose

Re: NATs *ARE* evil!

2000-12-15 Thread Scott Brim
On 15 Dec 2000 at 10:56 -0500, Keith Moore apparently wrote: How does the idea of NAT destroy the global Internet address space? because in a NATted network the same addresses are used in different parts of the network. addresses are meaningless. How much meaning does "Keith Moore" have?

RE: NATs *ARE* evil!

2000-12-15 Thread Dave Robinson
: Re: NATs *ARE* evil! because in a NATted network the same addresses are used in different parts of the network. addresses are meaningless.

Re: NATs *ARE* evil!

2000-12-15 Thread Valdis . Kletnieks
On Fri, 15 Dec 2000 08:54:36 PST, Scott Brim said: How much meaning does "Keith Moore" have? Somehow we have a planet with billions of people on it and those who need to still manage to find the appropriate "Keith Moore". How do they do that? Are there any lessons to be learned? The

Re: NATs *ARE* evil!

2000-12-15 Thread Keith Moore
What's the problem with locally significant addresses? Having thousands of 10 networks will never present a problem unless those networks at some point would like to talk to each other. right. if net 10 networks stay completely isolated from one another, then there's no problem. the

Re: NATs *ARE* evil!

2000-12-15 Thread Keith Moore
[recipient list trimmed] The lesson to be learned is that we say "The Keith Moore that works at UTK". even this is not sufficient. I once received a telephoned death threat from someone who had mistaken me with a different Keith Moore from UTK. fortunately I was able to convince him that he

RE: NATs *ARE* evil!

2000-12-15 Thread Iliff, Tina
lto:[EMAIL PROTECTED]] Sent: Friday, December 15, 2000 11:11 AM To: Keith Moore Cc: M Dev; Sean Doran; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: NATs *ARE* evil! What's the problem with locally significant addresses? Having thousands of 10 networks will never present a problem unless thos

Re: NATs *ARE* evil!

2000-12-15 Thread chris d koeberle
On Fri, 15 Dec 2000, Scott Brim wrote: How much meaning does "Keith Moore" have? Somehow we have a planet with billions of people on it and those who need to still manage to find the appropriate "Keith Moore". How do they do that? Are there any lessons to be learned? They do that by

Re: NATs *ARE* evil!

2000-12-15 Thread Valdis . Kletnieks
On Fri, 15 Dec 2000 12:11:29 EST, Dave Robinson said: What's the problem with locally significant addresses? Having thousands of Hmm.. this from a guy posting from endtoend.com? I'm not sure if the right word is "ironic" or "sarcastic". In any case, didn't we just release an RFC detailing in

Re: NATs *ARE* evil!

2000-12-15 Thread Brian E Carpenter
: Keith Moore; M Dev; Sean Doran; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: NATs *ARE* evil! because in a NATted network the same addresses are used in different parts of the network. addresses are meaningless.

RE: NATs *ARE* evil!

2000-12-15 Thread Iliff, Tina
; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: NATs *ARE* evil! Yes! TCP breaks due to the fact that "true" source/destination sockets cannot be defined. The destination would not know where to send a response except in the case where DNS is used...unless I need to do more rea

RE: NATs *ARE* evil!

2000-12-15 Thread David Higginbotham
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Friday, December 15, 2000 12:22 PM To: Scott Brim Cc: Keith Moore; Dave Robinson; M Dev; Sean Doran; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: NATs *ARE* evil! On Fri, 15 Dec 2000 08:54:36 PST, Scott Brim said: How

Re: NATs *ARE* evil!

2000-12-15 Thread Matt Holdrege
Folks should read and *refer* to the NAT WG documents before commenting. An awful lot of work was put into the content and wording of these documents. RFC 2663 draft-ietf-nat-protocol-complications-06.txt RFC 2993

Re: NATs *ARE* evil!

2000-12-15 Thread Melinda Shore
How much meaning does "Keith Moore" have? Somehow we have a planet with billions of people on it and those who need to still manage to find the appropriate "Keith Moore". How do they do that? Are there any lessons to be learned? "Keith Moore" is not an address, "Keith Moore" is a name.

RE: NATs *ARE* evil!

2000-12-15 Thread Chris Millikin
Robinson'; Keith Moore Cc: M Dev; Sean Doran; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: NATs *ARE* evil! Yes! TCP breaks due to the fact that "true" source/destination sockets cannot be defined. The destination would not know where to send a response except in the case where D

RE: NATs *ARE* evil!

2000-12-15 Thread David Higginbotham
RFC 2993 Architectural Implications of NAT's ? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Friday, December 15, 2000 12:55 PM To: Dave Robinson Cc: [EMAIL PROTECTED] Subject: Re: NATs *ARE* evil! On Fri, 15 Dec 2000 12:11:29 EST, Dave Robinson said

Re: NATs *ARE* evil!

2000-12-15 Thread J. Noel Chiappa
From: Keith Moore [mailto:[EMAIL PROTECTED]] the problems with NAT are not generally due to implementation. they are inherent in the very idea of NAT, which destroys the global Internet address space. From: Dave Robinson [EMAIL PROTECTED] How does the idea of NAT

RE: NATs *ARE* evil!

2000-12-15 Thread Chris Millikin
nnect using VPNs. " This is becoming a major drawback to NAT. -Chris -Original Message- From: Matt Holdrege [mailto:[EMAIL PROTECTED]] Sent: Friday, December 15, 2000 10:19 AM To: [EMAIL PROTECTED] Subject: Re: NATs *ARE* evil! Folks should read and *refer* to the NAT WG docume

Re: NATs *ARE* evil!

2000-12-15 Thread Kevin Farley
How does the idea of NAT destroy the global Internet address space? because in a NATted network the same addresses are used in different parts of the network. addresses are meaningless. So what? Why is this the big problem? __ Do You

Re: NATs *ARE* evil!

2000-12-15 Thread Scott Bradner
I will admit to some level of confusion the subject line of this thread is "NATs *ARE* evil!" yet most of the discussion is about the use of private addresses - something that a whole lot of firewalls also do - howcum the subject line is not "NATs Firewalls are evil!" or "use of private
