Re: NATs *ARE* evil!

2000-12-15 Thread Keith Moore

the problems with NAT are not generally due to implementation.
they are inherent in the very idea of NAT, which destroys the
global Internet address space.

Keith




Re: NATs *ARE* evil!

2000-12-15 Thread Keith Moore

 How does the idea of NAT destroy the global Internet address space?

because in a NATted network the same addresses are used in different
parts of the network.  addresses are meaningless.




Re: Congestion control

2000-12-15 Thread Scott Brim

On 14 Dec 2000 at 17:31 -0800, Dave Crocker apparently wrote:
 At 03:58 PM 12/14/00 -0800, Scott Brim wrote:
 Building on a previous suggestion:
 
 Just to be clear, my suggestion is diametrically opposed to the list that 
 you specified.
 
 You are suggesting very tight queue management.  By the mid-70's, Kleinrock 
 showed that these mechanisms do not work in the face of sustained 
 overload.  They only work when the problem is transient.
 
 Rather than trying to manage the congestion, I am suggesting that we throw 
 money at the problem, to overbuy space so that we don't have the problem.

So, throwing bandwidth at the problem is quite cost-effective in about
85% of the cases, and congestion control is most useful at aggregation
points, say where enterprise networks meet regional networks.  It would
seem then, that we should solve the meeting room congestion by getting
really big rooms, and control access to the halls?

...Scott




Re: Congestion control

2000-12-15 Thread Keith Moore

 I think we need to look to the future where
 three thousand participants are going to offer up
 their ideas and we need to be able to take advantage
 of those resources without stuff "getting dropped"
 simply because of the meeting space/format.

Perhaps.  But in a forum with three thousand participants, I 
doubt that either space or bandwidth are the primary barriers 
to producing a consensus around sound technical solutions.

In other words, even assuming we had the space/bandwidth to 
accommodate them all, three thousand people is far too many for
a single group discussion.  We'd need to adopt drastically different
methods for running a working group and for making decisions.

I also suspect it's much easier for thirty people to come up with a 
good technical solution, than for three thousand or even three hundred, 
even if the clue density remains the same for each case.

Keith




Re: NATs *ARE* evil!

2000-12-15 Thread Brian E Carpenter

Frank Solensky wrote:
 
 Brian E Carpenter wrote:
 
  Frank,
 
  This is goodness. Can I ask that you publish the *method* before
  you publish any results? I have seen various attempts to
  tackle this in the past, and they have all given results that
  are very hard to interpret and whose meaning depends very much
  on the method used. I think we could react to the numbers more
  rationally if we discussed the method first.
 
 Sure thing.
 
 Would it make sense to spin this off as a separate list?

big-internet is probably still there.

  Brian




Re: NATs *ARE* evil!

2000-12-15 Thread Scott Brim

On 15 Dec 2000 at 10:56 -0500, Keith Moore apparently wrote:
  How does the idea of NAT destroy the global Internet address space?
 
 because in a NATted network the same addresses are used in different
 parts of the network.  addresses are meaningless.

How much meaning does "Keith Moore" have?  Somehow we have a planet with
billions of people on it and those who need to still manage to find the
appropriate "Keith Moore".  How do they do that?  Are there any lessons
to be learned?

...Scott




RE: NATs *ARE* evil!

2000-12-15 Thread Dave Robinson

What's the problem with locally significant addresses?  Having thousands of
10 networks will never present a problem unless those networks at some point
would like to talk to each other.  Is that where this whole discussion is
going (or coming from) - that ultimately the more NAT'ing we do, the more
headaches we're creating for ourselves en route to true global connectivity?

Dave

-Original Message-
From: Keith Moore [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 15, 2000 10:56 AM
To: Dave Robinson
Cc: Keith Moore; M Dev; Sean Doran; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: NATs *ARE* evil! 


because in a NATted network the same addresses are used in different
parts of the network.  addresses are meaningless.




Re: NATs *ARE* evil!

2000-12-15 Thread Valdis . Kletnieks

On Fri, 15 Dec 2000 08:54:36 PST, Scott Brim said:
 How much meaning does "Keith Moore" have?  Somehow we have a planet with
 billions of people on it and those who need to still manage to find the
 appropriate "Keith Moore".  How do they do that?  Are there any lessons
 to be learned?

The lesson to be learned is that we say "The Keith Moore that works at UTK".

In fact, there's a word for when two people use the same exact identifier - 
it's called "identity theft" and usually makes life very difficult for all
concerned - for many of the same reasons that 2 hosts with the same IP
address don't play nice.
-- 
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech







Re: NATs *ARE* evil!

2000-12-15 Thread Keith Moore

 What's the problem with locally significant addresses?  Having thousands of
 10 networks will never present a problem unless those networks at some point
 would like to talk to each other.  

right.  if net 10 networks stay completely isolated from one another,
then there's no problem.  the problem only exists when people want to
tie those networks together. but it's inevitable that the vast majority 
of private networks *will* want to communicate with the public Internet
in ways that NAT does not facilitate.

 Is that where this whole discussion is
 going (or coming from) - that ultimately the more NAT'ing we do, the more
 headaches we're creating for ourselves en route to true global connectivity?

in a nutshell, yes.

Keith




Re: NATs *ARE* evil!

2000-12-15 Thread Keith Moore

[recipient list trimmed]

 The lesson to be learned is that we say "The Keith Moore that works at UTK".

even this is not sufficient.  I once received a telephoned death threat
from someone who had mistaken me with a different Keith Moore from UTK.
fortunately I was able to convince him that he had the wrong person,
but it wasn't easy.

Keith




RE: NATs *ARE* evil!

2000-12-15 Thread Iliff, Tina

Yes!  TCP breaks due to the fact that "true" source/destination sockets
cannot be defined.  The destination would not know where to send a response
except in the case where DNS is used...unless I need to do more reading

Tina Iliff


-Original Message-
From: Dave Robinson [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 15, 2000 11:11 AM
To: Keith Moore
Cc: M Dev; Sean Doran; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: NATs *ARE* evil!


What's the problem with locally significant addresses?  Having thousands of
10 networks will never present a problem unless those networks at some point
would like to talk to each other.  Is that where this whole discussion is
going (or coming from) - that ultimately the more NAT'ing we do, the more
headaches we're creating for ourselves en route to true global connectivity?

Dave

-Original Message-
From: Keith Moore [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 15, 2000 10:56 AM
To: Dave Robinson
Cc: Keith Moore; M Dev; Sean Doran; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: NATs *ARE* evil! 


because in a NATted network the same addresses are used in different
parts of the network.  addresses are meaningless.




Re: NATs *ARE* evil!

2000-12-15 Thread chris d koeberle

On Fri, 15 Dec 2000, Scott Brim wrote:
 How much meaning does "Keith Moore" have?  Somehow we have a planet with
 billions of people on it and those who need to still manage to find the
 appropriate "Keith Moore".  How do they do that?  Are there any lessons
 to be learned?

They do that by attempting to use additional fields to create a unique
global name for Keith Moore, such as "Keith Moore, the painter from
Dublin" or "Keith Moore, the taxidermist from Dubai."  And just like you
can't identify 192.168.0.1 if it changes the address it lives on in the
global namespace, you'll have a hard time finding your friend Keith if he
moves to Dallas.

The lesson we learn from this is that people need significantly longer
names, in order to prevent confusion, and make it easier to find long-lost
acquaintances.  Not to mention which make the jobs of various government
agencies and courts significantly easier.

-= flail? http://flail.com/ =-
 -= the online comic strip =-




Re: NATs *ARE* evil!

2000-12-15 Thread Valdis . Kletnieks

On Fri, 15 Dec 2000 12:11:29 EST, Dave Robinson said:
 What's the problem with locally significant addresses?  Having thousands of

Hmm.. this from a guy posting from endtoend.com?  I'm not sure if the
right word is "ironic" or "sarcastic".  In any case, didn't we just
release an RFC detailing in excruciating detail?
-- 
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech




Re: NATs *ARE* evil!

2000-12-15 Thread Brian E Carpenter

Bingo!

RFC 2775, RFC 2993

  Brian

Dave Robinson wrote:
 
 What's the problem with locally significant addresses?  Having thousands of
 10 networks will never present a problem unless those networks at some point
 would like to talk to each other.  Is that where this whole discussion is
 going (or coming from) - that ultimately the more NAT'ing we do, the more
 headaches we're creating for ourselves en route to true global connectivity?
 
 Dave
 
 -Original Message-
 From: Keith Moore [mailto:[EMAIL PROTECTED]]
 Sent: Friday, December 15, 2000 10:56 AM
 To: Dave Robinson
 Cc: Keith Moore; M Dev; Sean Doran; [EMAIL PROTECTED]; [EMAIL PROTECTED]
 Subject: Re: NATs *ARE* evil!
 
 because in a NATted network the same addresses are used in different
 parts of the network.  addresses are meaningless.




RE: NATs *ARE* evil!

2000-12-15 Thread Iliff, Tina

Well, let me correct myself.  It is more along the lines of firewall
security being broken in the sense of all firewalls would have to be open to
entire networks instead of limiting individual hosts.  IP would be broken in
the sense of routers not being able to distinguish which route to choose in
the case of multiple hosts having the same IP address but they are located
behind different firewalls, routers, etc in different enterprises.

Tina Iliff


-Original Message-
From: Iliff, Tina 
Sent: Friday, December 15, 2000 11:48 AM
To: 'Dave Robinson'; Keith Moore
Cc: M Dev; Sean Doran; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: NATs *ARE* evil!


Yes!  TCP breaks due to the fact that "true" source/destination sockets
cannot be defined.  The destination would not know where to send a response
except in the case where DNS is used...unless I need to do more reading

Tina Iliff


-Original Message-
From: Dave Robinson [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 15, 2000 11:11 AM
To: Keith Moore
Cc: M Dev; Sean Doran; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: NATs *ARE* evil!


What's the problem with locally significant addresses?  Having thousands of
10 networks will never present a problem unless those networks at some point
would like to talk to each other.  Is that where this whole discussion is
going (or coming from) - that ultimately the more NAT'ing we do, the more
headaches we're creating for ourselves en route to true global connectivity?

Dave

-Original Message-
From: Keith Moore [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 15, 2000 10:56 AM
To: Dave Robinson
Cc: Keith Moore; M Dev; Sean Doran; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: NATs *ARE* evil! 


because in a NATted network the same addresses are used in different
parts of the network.  addresses are meaningless.




RE: NATs *ARE* evil!

2000-12-15 Thread David Higginbotham

Don't get me wrong, NAT is an odd booger to be sure, personally I think it
is another $BIG_SOFTWARE_COMPANY conspiracy ;-) But... they do not have the
same identity, when NAT occurs the device then bears a globally unique IP
address at least to all those with whom there may be a conflicting address
and those are the only ones that count. yes no maybe? It does not matter
whether you call the street my house is on Maple street or 4th street or
four streets down from main street as long as the Post Office (read NAT box)
knows what you mean
happy friday and merry holidays,
David H

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 15, 2000 12:22 PM
To: Scott Brim
Cc: Keith Moore; Dave Robinson; M Dev; Sean Doran; [EMAIL PROTECTED];
[EMAIL PROTECTED]
Subject: Re: NATs *ARE* evil!


On Fri, 15 Dec 2000 08:54:36 PST, Scott Brim said:
 How much meaning does "Keith Moore" have?  Somehow we have a planet
with
 billions of people on it and those who need to still manage to find
the
 appropriate "Keith Moore".  How do they do that?  Are there any
lessons
 to be learned?

The lesson to be learned is that we say "The Keith Moore that works at
UTK".

In fact, there's a word for when two people use the same exact
identifier -
it's called "identity theft" and usually makes life very difficult for
all
concerned - for many of the same reasons that 2 hosts with the same IP
address don't play nice.
--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech







Re: What is the IETF? -- A note of caution

2000-12-15 Thread James Seng/Personal

 (I copy this to the poisson list, since I am somehow blocked from
 the IETF list).

 I fully understand what your concern is. But,
 - what should those "corporate representative" do?
 - where should they go?

The point is you don't, not in IETF. Either you are interested in the work you
are doing or you are not. If you are not interested in the work, then joining IETF
for the sake of 'corporate representation' is not going to help the WG in
any way at all so why bother?

-James Seng




Re: NATs *ARE* evil!

2000-12-15 Thread Matt Holdrege

Folks should read and *refer* to the NAT WG documents before commenting. An 
awful lot of work was put into the content and wording of these documents.

RFC 2663
draft-ietf-nat-protocol-complications-06.txt

RFC 2993




Re: NATs *ARE* evil!

2000-12-15 Thread Melinda Shore

 How much meaning does "Keith Moore" have?  Somehow we have a planet with
 billions of people on it and those who need to still manage to find the
 appropriate "Keith Moore".  How do they do that?  Are there any lessons
 to be learned?

"Keith Moore" is not an address, "Keith Moore" is a name.

Melinda





Re: Congestion control

2000-12-15 Thread Ole J. Jacobsen

One suggestion: given that one or two "channels" of video/audio is always
available during the meeting, and given that a number of people simply
want to "see what is going on" (regardless of the merit of this), why not
pipe the 2 channels onto the hotel TV channels?. This was done during the
recent ICANN meeting in LA and worked very well. Since 99% of all the
action was on stage, you could easily follow the proceedings from the
comfort of your hotel room. It's not a complete solution, but it does at
least allow people to follow (some of) the meetings they cannot physically
get into.

Ole



Ole J. Jacobsen 
Editor and Publisher
The Internet Protocol Journal
Office of the CTO, Cisco Systems
Tel: +1 408-527-8972
GSM: +1 415-370-4628
E-mail: [EMAIL PROTECTED]
URL: http://www.cisco.com/ipj







Re: WLAN

2000-12-15 Thread Teemu Rinta-aho

On Fri, 15 Dec 2000, Måns Nilsson wrote:

  nice to notice that the IETF WLAN is also working here at the
  Embassy Suites hotel, which is far (ab. 2 miles) away from the
  Sheraton... Is here a secret/uninformed access point or is the range
  of WLAN this awesome on this side of the world?-)
 
 It's a Qualcomm device. 

So? My network interface card is not.

I just wanted to know if there is an access
point in the hotel or not.

Teemu




RE: NATs *ARE* evil!

2000-12-15 Thread Chris Millikin

Well, in this case a device that is doing NAT (properly anyway) would replace
the ip and socket headers, much the way each router replaces physical
addresses.

-Chris Millikin

-Original Message-
From: Iliff, Tina [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 15, 2000 9:48 AM
To: 'Dave Robinson'; Keith Moore
Cc: M Dev; Sean Doran; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: NATs *ARE* evil!


Yes!  TCP breaks due to the fact that "true" source/destination sockets
cannot be defined.  The destination would not know where to send a response
except in the case where DNS is used...unless I need to do more reading

Tina Iliff


-Original Message-
From: Dave Robinson [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 15, 2000 11:11 AM
To: Keith Moore
Cc: M Dev; Sean Doran; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: NATs *ARE* evil!


What's the problem with locally significant addresses?  Having thousands of
10 networks will never present a problem unless those networks at some point
would like to talk to each other.  Is that where this whole discussion is
going (or coming from) - that ultimately the more NAT'ing we do, the more
headaches we're creating for ourselves en route to true global connectivity?

Dave

-Original Message-
From: Keith Moore [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 15, 2000 10:56 AM
To: Dave Robinson
Cc: Keith Moore; M Dev; Sean Doran; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: NATs *ARE* evil! 


because in a NATted network the same addresses are used in different
parts of the network.  addresses are meaningless.




Re: Congestion control

2000-12-15 Thread Harald Alvestrand

At 16:57 14/12/2000 -0800, Jelena Mirkovic wrote:
Eso some people get cut off even during registration process???
What does it mean active? How about newcomers?
Would it not be a nice idea to simply find a hotel with enough number
of big rooms so that everyone who wants can fit in? At least at
registration time? And then you can have stand-by for people that did not
register but suddenly decided they would like to attend some sessions.

there is a little problem with the timelines of IETF planning...
if you have a BOF meeting at time T, the timeline is roughly:

T-2 years: Contract with hotel is signed
T-3 months: Most participants register
T-2 months: BOF proponents start registering
T-1 month: BOF is announced
T-1 week: BOF agenda is posted
T-3 days: Last BOF participants decide to attend the IETF
T-5 minutes: Lots of IETF participants decide to attend the BOF
T: BOF happens
T+5 minutes: Complaints about room crowding hit the IETF list :-)

If someone wants changes to earlier decisions based on events that happen 
later, please send one (1) time machine to the IETF secretariat.

(guessing is what we already do!)

--
Harald Tveit Alvestrand, [EMAIL PROTECTED]
+47 41 44 29 94
Personal email: [EMAIL PROTECTED]




RE: NATs *ARE* evil!

2000-12-15 Thread David Higginbotham

RFC 2993 Architectural Implications of NAT's ?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 15, 2000 12:55 PM
To: Dave Robinson
Cc: [EMAIL PROTECTED]
Subject: Re: NATs *ARE* evil! 


On Fri, 15 Dec 2000 12:11:29 EST, Dave Robinson said:
 What's the problem with locally significant addresses?  Having
thousands of

Hmm.. this from a guy posting from endtoend.com?  I'm not sure if the
right word is "ironic" or "sarcastic".  In any case, didn't we just
release an RFC detailing in excruciating detail?
-- 
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech




Announcing a new mailing list on middleware

2000-12-15 Thread Eliot Lear

Please redistribute to appropriate forums.

As I promised in the MIDCOM working group in San Diego, I've created a
mailing list for discussion on diagnostics and discovery of intermediate
devices.  Here are the particulars:

List name:  [EMAIL PROTECTED]
Subscribe:  [EMAIL PROTECTED]
Archive:    none as of yet

march is short for Middleware ARCHitecture.  All I mean by that is that
how it all fits together: diagnostics, discovery, and communications
with middleware devices is in scope for this list.  So is O&M as relates
to those devices and their end points.  Flaming about intermediate
devices is not in scope.

I'd like to start, however, by focusing discussion on diagnostics and
discovery.

Please join me on this list to consider how these devices make
themselves known, what the implications of diagnostic messages such as
ICMP errors could be in these cases, and what additional mechanisms are
needed.

Cheers!
--
Eliot Lear
[EMAIL PROTECTED]




Re: Congestion control

2000-12-15 Thread Gabriel Landowski


--- Keith Moore [EMAIL PROTECTED] wrote:
 We'd need to adopt drastically different methods for
 running a working group and for making decisions.

I agree wholeheartedly. However, when do we put a
stake in the ground to begin this?
 
 I also suspect it's much easier for thirty people to
 come up with a good technical solution, than for  
 three thousand or even three hundred, even if the 
 clue density remains the same for each case.
 
 Keith

Again I agree, however what happens when 3000 want to
have their opinion heard? How do we filter them all
down to something manageable? Again I would offer a
warning flag that the IETF will need to be ready for
rapid growth and exposure.

Gabriel 






Nimrod is still ugly - was: NATs *ARE* evil!

2000-12-15 Thread v guruprasad

 Were we to i) incrementally deploy and start using new globally unique
 namespace(s) [either a single one functioning much as IPv4 addresses
 functioned originally, or, as many of us think would be wise, two separate
 ones, one to identify entities for end-end communication and another to give
 topologically related names to communication devices], and then ii)
 reinterpret the 32-bit fields as "local forwarding tags", then NAT boxes
 would cease to be an architectural ugliness, and become merely engineering
 ugliness.
 
 "I trust I make myself obscure." (And a tip of the hatly hat to anyone who
 recognizes the source of that quotation... :-)
 
 Noel

Now that we've figured out the first step and admit to the remaining
ugliness, maybe we can take the next... Here goes:

One basic reason Nimrod is still ugly is that it leaves us to deal with real
addresses. The art of doling out virtual addresses and doing virtual-to-real
translation behind the scenes, and quite efficiently at that, has been known
in the OS arena for over three decades. Even PC OS's have it today :)

Isn't it time to graduate to the network analogue?  Yes, it takes a mental
leap - even binary search isn't as simple as linear, let alone Unix to the
DOS-groomed. But if you want performance, scalability and elegance, it's
possible, it's already shown, and it's waiting for the brave new world.
Far more importantly, which point is sorely missed in the Triad and Nimrod
proposals and where the real mental leap comes, it doesn't require throwing
the v4 (or v6) baby out with the scummy bathwater.

["and still the earth moves"]


-p.




Re: NATs *ARE* evil!

2000-12-15 Thread J. Noel Chiappa

 From: Keith Moore [mailto:[EMAIL PROTECTED]]

 the problems with NAT are not generally due to implementation. they
 are inherent in the very idea of NAT, which destroys the global
 Internet address space. 

 From: Dave Robinson [EMAIL PROTECTED]

 How does the idea of NAT destroy the global Internet address space?

Ah, Keith was using a little verbal shorthand here. He meant "NAT removes the
global *uniqueness* of NAT'd Internet addresses". Similarly, when he said:

 addresses are meaningless.

he really meant "NAT'd addresses are no longer capable of uniquely globally
identifying people". NAT'd addresses do still have *some* meaning, of course,
it's just a more complex and restricted meaning than they used to.


This message brought to you by the Society for More Accurate Technical
Terminology. :-

Noel




RE: NATs *ARE* evil!

2000-12-15 Thread Chris Millikin

Point taken.  Rather than reiterate my point I will refer to the following
excerpt from RFC 2993:

"
   -  NATs enable casual use of private addresses.  These uncoordinated
  addresses are subject to collisions when companies using these
  addresses merge or want to directly interconnect using VPNs.
"

This is becoming a major drawback to NAT.

-Chris

-Original Message-
From: Matt Holdrege [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 15, 2000 10:19 AM
To: [EMAIL PROTECTED]
Subject: Re: NATs *ARE* evil!


Folks should read and *refer* to the NAT WG documents before commenting. An 
awful lot of work was put into the content and wording of these documents.

RFC 2663
draft-ietf-nat-protocol-complications-06.txt

RFC 2993
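
The collision described in the RFC 2993 excerpt above, as an added example that is not part of the original thread or of the RFC: two uncoordinated private address plans are checked for overlap before the sites are interconnected. The address plans and the names `SITE_A`, `SITE_B`, `find_collisions` and `claimants` are constructed for illustration.

```python
import ipaddress
from itertools import product

# The three private blocks reserved by RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data: address plans of two hypothetical companies that
# picked private prefixes independently and now want a site-to-site VPN.
SITE_A = {"hq-lan": "10.0.0.0/16", "lab": "10.1.0.0/24",
          "dmz": "192.168.10.0/24", "wifi": "172.16.0.0/20"}
SITE_B = {"office": "10.0.128.0/17", "plant": "10.2.0.0/16",
          "dmz": "192.168.10.0/25", "guest": "172.20.0.0/16"}


def parse_plan(plan):
    """Turn {name: cidr} into {name: IPv4Network}; reject non-private prefixes."""
    parsed = {}
    for name, cidr in plan.items():
        net = ipaddress.ip_network(cidr)
        if not any(net.subnet_of(block) for block in RFC1918):
            raise ValueError(f"{name}: {cidr} is not RFC 1918 space")
        parsed[name] = net
    return parsed


def find_collisions(plan_a, plan_b):
    """Return sorted (name_a, name_b, shared_prefix, ambiguous_addresses) tuples.

    Two CIDR blocks overlap only when one contains the other, so the shared
    range is always the longer (more specific) of the two prefixes.
    """
    a_nets, b_nets = parse_plan(plan_a), parse_plan(plan_b)
    hits = []
    for (na, a), (nb, b) in product(a_nets.items(), b_nets.items()):
        if a.overlaps(b):
            shared = a if a.prefixlen >= b.prefixlen else b
            hits.append((na, nb, str(shared), shared.num_addresses))
    return sorted(hits)


def claimants(address, plans):
    """List every 'site/subnet' that considers `address` one of its own.

    More than one entry means the address no longer identifies a single
    host once the sites are joined; something must renumber or translate.
    """
    ip = ipaddress.ip_address(address)
    found = []
    for site, plan in plans.items():
        for name, net in parse_plan(plan).items():
            if ip in net:
                found.append(f"{site}/{name}")
    return sorted(found)


if __name__ == "__main__":
    for name_a, name_b, shared, count in find_collisions(SITE_A, SITE_B):
        print(f"A/{name_a} collides with B/{name_b}: {shared} "
              f"({count} ambiguous addresses)")
    print(claimants("10.0.200.5", {"A": SITE_A, "B": SITE_B}))
```
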




Re: Nimrod is still ugly - was: NATs *ARE* evil!

2000-12-15 Thread J. Noel Chiappa

 From: v guruprasad [EMAIL PROTECTED]

 One basic reason Nimrod is still ugly is that it leaves us to deal with
 real addresses.

If you find a way to select paths in real networks using only virtual data,
we'd all be interested to hear it.

Noel

PS: The issues of i) globally/locally unique addresses (i.e. NAT), and ii)
separation of location and identity, have nothing to do with the selection of
paths. So why you think there's some reason to drag in a scheme that is purely
about path selection is completely beyond me.




Re: NATs *ARE* evil!

2000-12-15 Thread Kevin Farley


  How does the idea of NAT destroy the global Internet address space?
 
 because in a NATted network the same addresses are used in different
 parts of the network.  addresses are meaningless.

So what? Why is this the big problem?






Re: Congestion control

2000-12-15 Thread Fred Baker

At 07:58 AM 12/15/00 -0800, Scott Brim wrote:
So, throwing bandwidth at the problem is quite cost-effective in about
85% of the cases, and congestion control is most useful at aggregation
points, say where enterprise networks meet regional networks.  It would
seem then, that we should solve the meeting room congestion by getting
really big rooms, and control access to the halls?

It is possible to avoid congestion entirely. Use beaches. There may be 
other problems :^)




Re: Congestion control

2000-12-15 Thread Fred Baker

At 04:57 PM 12/14/00 -0800, Jelena Mirkovic wrote:
Would it not be a nice idea to simply find a hotel with enough number
of big rooms so that everyone who wants can fit in?

I don't know if you are aware of it, but there is a very simple algorithm 
for determining what the "conference hotel" will be for any given meeting. 
Ask what city it is in, and find out what the largest hotel is.

We are already going to the largest places we can find short of going to 
conference centers; in some cases, we are already using conference centers. 
I have asked the Secretariat to advise me, quantitatively, of the 
implications of making that leap. I can tell you up front that it has 
implications for either the meeting fee or the corporate sponsorship.




Re: NATs *ARE* evil!

2000-12-15 Thread Scott Bradner


I will admit to some level of confusion
the subject line of this thread is "NATs *ARE* evil!" yet most of the
discussion is about the use of private addresses - something that 
a whole lot of firewalls also do - howcum the subject line is
not "NATs & Firewalls are evil!" or "use of private addresses is evil!"?

this focus on NATs seems to be an incomplete statement of the problem

Scott





Re: Congestion control

2000-12-15 Thread Henning G. Schulzrinne

In case the IETF is truly desperate: We could also rent out a major
university during the summer and stick everybody in dorm rooms - that
should be enough to discourage the tourists and evoke the roots of the
Internet :-) I'm sure OSU has classroom space for a few ten thousand
students... 

Then, there's always the Scout Jamboree option: build an Internet tent
city. I'd imagine Burning Man has more attendees than the IETF and it
seems to draw some of the same crowd.
-- 
Henning Schulzrinne   http://www.cs.columbia.edu/~hgs




Re: Congestion control

2000-12-15 Thread John Collis

Fred Baker [EMAIL PROTECTED] writes:
 I don't know if you are aware of it, but there is a very simple
 algorithm for determining what the "conference hotel" will be for any
 given meeting. Ask what city it is in, and find out what the largest
 hotel is.
 
 
 We are already going to the largest places we can find short of going to
 conference centers; in some cases, we are already using conference
 centers. I have asked the Secretariat to advise me, quantitatively, of
 the implications of making that leap. I can tell you up front that it
 has implications for either the meeting fee or the corporate
 sponsorship.
 

IMO that is becoming obvious and although some people will hate the idea,
I think the latter option is probably the only realistic one. We still
need to make it reasonably easy enough for anyone to attend. Therefore we
can't afford to blow out the cost of coming to an IETF so that only those
individuals working for companies with deep enough pockets can attend.

Cheers,
-- 
John Collis
IndraNet Technologies Ltd.
Email: [EMAIL PROTECTED]




Re: Agenda suggestions

2000-12-15 Thread Bill Fenner


For an alternate rendering of the agenda, see

http://www.aciri.org/fenner/0mtg-agenda.html

  Bill




Re: NATs *ARE* evil!

2000-12-15 Thread Paul Ferguson

I find it amazing (well, probably not so amazing)
that we are re-hashing this every few years.

It looks like NAT's are a fact of life, and we
just need to figure out how to deal with them.

- paul

At 07:59 PM 12/15/2000 -0500, Scott Bradner wrote:

I will admit to some level of confusion
the subject line of this thread is "NATs *ARE* evil!" yet most of the
discussion is about the use of private addresses - something that 
a whole lot of firewalls also do - howcum the subject line is
not "NATs & Firewalls are evil!" or "use of private addresses is evil!"?

this focus on NATs seems to be an incomplete statement of the problem




Re: Congestion control

2000-12-15 Thread Grenville Armitage



"Henning G. Schulzrinne" wrote:
 
 In case the IETF is truly desperate: We could also rent out a major
 university during the summer and stick everybody in dorm rooms - that
 should be enough to discourage the tourists and evoke the roots of the
 Internet :-)

Many a true word is said in jest

cheers,
gja




Re: NATs *ARE* evil!

2000-12-15 Thread Michael Richardson


 "Scott" == Scott Bradner [EMAIL PROTECTED] writes:
Scott the use of private addresses - something that a whole lot of
Scott firewalls also do - howcum the subject line is not "NATs &
Scott Firewalls are evil!" or "use of private addresses is evil!"?

  Not all firewalls do NAT.
  Firewalls that do NATs are included in the definition of NAT/NAPT.

  Some application firewalls exist that don't change the addresses at all.
They still mess up the end-to-end nature of the internet, but that's their
stated purpose.  

   :!mcr!:|  Solidum Systems Corporation, http://www.solidum.com
   Michael Richardson |For a better connected world,where data flows fastertm
 Personal: http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/Bio.html
mailto:[EMAIL PROTECTED]   mailto:[EMAIL PROTECTED]





Re: Congestion control

2000-12-15 Thread Dave Crocker

At 12:24 PM 12/15/00 -0800, Fred Baker wrote:
I have asked the Secretariat to advise me, quantitatively, of the 
implications of making that leap. I can tell you up front that it has 
implications for either the meeting fee or the corporate sponsorship.


And that impact is precisely why I phrased my suggestion as a question.

On the other hand, we are growing, so that impact will be felt at some 
point, no matter what.  The congestion problem hits us regularly, so it 
seems worth looking for some sort of basic change to eliminate it.

I do not believe that better "planning" is really feasible; too many 
variables the planners cannot predict or control.  I also do not believe 
that restricted attendance or other draconian administrative practises are 
appropriate; they would dramatically alter the nature and dynamic of our 
communal get togethers.

More space is entirely practical, except for the open question of cost.

But since growth ensures we encounter the problem eventually, let's gain 
the upside from it sooner rather than later.

d/
=-=-=-=-=

Dave Crocker  [EMAIL PROTECTED]
Brandenburg Consulting  www.brandenburg.com
Tel: +1.408.246.8253,  Fax: +1.408.273.6464




RE: NATs *ARE* evil!

2000-12-15 Thread Pan Jung

How about this, practicality.  Let's say we can kill all NATs by sunset,
Sunday.  Who can stop all the NATs popping up Monday morning?  They
might be up all night building an experimental network, with red eyes?

Pan Jung



-Original Message-
From: Iliff, Tina [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 15, 2000 10:48 AM
To: 'Dave Robinson'; Keith Moore
Cc: M Dev; Sean Doran; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: NATs *ARE* evil!


Yes!  TCP breaks due to the fact that "true" source/destination sockets
cannot be defined.  The destination would not know where to send a response
except in the case where DNS is used...unless I need to do more reading

Tina Iliff


-Original Message-
From: Dave Robinson [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 15, 2000 11:11 AM
To: Keith Moore
Cc: M Dev; Sean Doran; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: NATs *ARE* evil!


What's the problem with locally significant addresses?  Having thousands of
10 networks will never present a problem unless those networks at some point
would like to talk to each other.  Is that where this whole discussion is
going (or coming from) - that ultimately the more NAT'ing we do, the more
headaches we're creating for ourselves en route to true global connectivity?

Dave

-Original Message-
From: Keith Moore [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 15, 2000 10:56 AM
To: Dave Robinson
Cc: Keith Moore; M Dev; Sean Doran; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: NATs *ARE* evil!


because in a NATted network the same addresses are used in different
parts of the network.  addresses are meaningless.





Re: guidance (re: social event politeness)

2000-12-15 Thread Michael Richardson


 "Joel" == Joel Jaeggli [EMAIL PROTECTED] writes:
Joel I've received 3 dozen or so responses from people on the mailing
Joel list who have automated vacation scripts. Please if you must use a
Joel vacation script on your mail either unsubscribe from the mailing
Joel list while you're gone, use procmail to filter your lists so they

  Most of these people have no choice to use more intelligent systems.
The best that they can do is to not use the vacation system.

  Their mailer systems are not rfc1123 compliant --- they use the
From: address for "errors", not the From_ address. Their vacation programs
can not ignore "Precedence:" headers, etc.

  They all use the same mail systems, btw.

] Train travel features AC outlets with no take-off restrictions|gigabit is no[
]   Michael Richardson, Solidum Systems   Oh where, oh where has|problem  with[
] [EMAIL PROTECTED]   www.solidum.com   the little fishy gone?|PAX.port 1100[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [




Re: NATs *ARE* evil!

2000-12-15 Thread mcr


 "Jon" == Jon Crowcroft [EMAIL PROTECTED] writes:
Jon note that a major problem with the little work that is done is that
Jon it's not often done in realistic topologies - this is a problem with
Jon ISPs who won't let people get at the data (or the traffic traces) so
Jon with a few honourable exceptions, most the smart people trying to do
Jon new stuff go on to other areas where there aren't intractable
Jon barriers to doing the experimental verification of the idea
  
  This is even a problem for most non-major vendors.
  Both at the BGP layer and at the forwarding layer. 

  I've even heard that some people at majors can't get at that info
because of inter-divisional politics. 

  CAIDA has produced lots of interesting data though. The problem for
vendors is finding enough time to read it.
  If someone knows of a grad school that has money to do BGP research :-)

] Train travel features AC outlets with no take-off restrictions|gigabit is no[
]   Michael Richardson, Solidum Systems   Oh where, oh where has|problem  with[
] [EMAIL PROTECTED]   www.solidum.com   the little fishy gone?|PAX.port 1100[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [




Re: NATs *ARE* evil!

2000-12-15 Thread Michael Richardson


 "Sean" == Sean Doran [EMAIL PROTECTED] writes:
Sean I should have waited until Perry had spoken, because now that he
Sean has pointed out the extreme cost of NAT, I have seen the light!

Sean NATs are expensive.  They have gross side-effects.  Even Noel
Sean Chiappa, my guru, says that they are an architectural hack.

Sean So, why are people deploying them?

Sean They are so awful, that it must only happen when people have NO
Sean OTHER OPTION.

  Let's separate things as public networks vs private networks. 

"Public networks"
  IP addresses cost money and the people deploying NATs in places like
hotels are not smart enough to buy a pool of IP addresses and use host
routing. 

  For private networks (e.g. corporate networks) there are other reasons.
But, availability of IP addresses is a major one.   

  My suggestion is that all NAT products should provide IPv6 with 6to4
support. Instead of doing ESPUDP to get IPsec around NATs, we should
put ESP over IPv6. This requires the same amount of effort (new clients, new
servers), but leverages IPv6 into the equation. 6to4 is very cool.

] Train travel features AC outlets with no take-off restrictions|gigabit is no[
]   Michael Richardson, Solidum Systems   Oh where, oh where has|problem  with[
] [EMAIL PROTECTED]   www.solidum.com   the little fishy gone?|PAX.port 1100[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [
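
The 6to4 mapping suggested in the message above, set against the "thousands of 10 networks" case raised earlier in the thread, as an added example that is not part of the original posts: each site's globally unique IPv4 address yields its own 2002:V4ADDR::/48 prefix, so two sites that both number an inside host 10.0.0.5 still get distinct global IPv6 addresses. The function names are hypothetical, and 192.0.2.1 and 198.51.100.7 are documentation addresses standing in for the public addresses of two NAT boxes.

```python
import ipaddress

# RFC 1918 private ranges: reused at many sites, so not globally unique.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(v4):
    """True if the IPv4 address falls in one of the RFC 1918 private ranges."""
    addr = ipaddress.IPv4Address(str(v4))
    return any(addr in net for net in RFC1918)

def sixtofour_prefix(public_v4):
    """Return the 2002:V4ADDR::/48 prefix derived from a site's public IPv4 address."""
    v4 = ipaddress.IPv4Address(public_v4)
    if is_rfc1918(v4):
        raise ValueError(f"{v4} is RFC 1918 space and cannot anchor a 6to4 prefix")
    # 16 bits of 0x2002, then the 32-bit IPv4 address, leaving 80 bits for the site.
    return ipaddress.IPv6Network(((0x2002 << 112) | (int(v4) << 80), 48))

def site_host(public_v4, subnet_id, interface_id):
    """Global IPv6 address of an inside host: prefix + 16-bit subnet + 64-bit interface id."""
    if not (0 <= subnet_id < 2**16 and 0 <= interface_id < 2**64):
        raise ValueError("subnet_id is 16 bits, interface_id is 64 bits")
    base = int(sixtofour_prefix(public_v4).network_address)
    return ipaddress.IPv6Address(base | (subnet_id << 64) | interface_id)

def border_router_of(v6):
    """Recover the public IPv4 address embedded in a 6to4 address (None if not 6to4)."""
    return ipaddress.IPv6Address(v6).sixtofour

if __name__ == "__main__":
    # Constructed sample: two sites, both numbering their inside host 10.0.0.5.
    for public in ("192.0.2.1", "198.51.100.7"):
        host = site_host(public, subnet_id=1, interface_id=5)
        print(f"site behind {public}: inside host 10.0.0.5 -> {host} "
              f"(prefix {sixtofour_prefix(public)}, router {border_router_of(host)})")
```
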





siglite - BOF mailing list

2000-12-15 Thread Henning G. Schulzrinne

After discussions with Scott Bradner, I have set up a mailing list at

http://lists.cs.columbia.edu/mailman/listinfo/siglite

to discuss interest in possibly having a BOF on light-weight approaches
to network-layer signaling for QoS, network state setup, pricing
information and related topics. The goal of the list is to narrow down
the topics of discussion sufficiently well to see if there is a
sufficient interest and a coherent agenda for a BOF at the next IETF. At
this point, this is an exploratory effort to gather some of the recent
work on network-layer signaling protocols and see if any of it should be
pursued in the IETF. Different design trade-offs than today's protocols
are likely to be needed to arrive at different design choices. For
example, a sub-goal may be the use in devices with restricted memory
resources, such as 3G wireless or various networked appliances.

The range of commonality across network-layer signaling functions is
also, I believe, an interesting area of exploration.

No decisions on the BOF have been made at this point.

Thanks.

Henning
-- 
Henning Schulzrinne   http://www.cs.columbia.edu/~hgs




Re: NATs *ARE* evil!

2000-12-15 Thread Keith Moore

 Surely the "much pain" is because, as Melinda Shore indicates,
 some "anti-NAT fanatics" cannot understand the distinction
 between "who" and "where"?

sounds like a Peter Pan theory

okay, everybody, close your eyes and try *real hard* to make believe 
that you can route between networks using overlapping address space,
and that you can run large scale distributed applications 
without a shared space for endpoint identifiers... 

if it doesn't work, you're not trying hard enough to believe!

excuse me while I puke.

Keith