At 16:36 15/02/2001 -0800, Bernard D. Aboba wrote:
Today, NAT penetration among consumers isn't very high because networked
multi-PC homes are relatively rare. However, as multiple device homes
proliferate along with home networking, I would expect the majority of
consumer PCs to be behind NATs
[I've taken the bulk of my response to Ed's last reply to private
mail, since I assume few here are interested in tedious arguments
about exactly how the Internet is analogous to the postal system,
but I'll just make this one public observation:]
At 9:45 PM -0800 2/15/01, Ed Gerck wrote:
I agree
David,
Ron Natalie and I renumbered hq.af.mil the week of the Loma Prieta quake.
List the NAT implementations deployed at the time.
The point you'll have made is that an-aide-to-renumbering NATs weren't.
If they are marketed now as such, happy, but not necessary, is the marketeer.
Eric
Ed, you seem to be ignoring the difference between identification,
location, and routing. What the post office does is routing, not NAT.
The NAT problem is a problem because IP addresses mix the concepts
of identification and location in a single bit string. There's nothing
natural about it, at
List:
My example of the UK postal system, with addresses that behave as names,
was NOT an attempt to make a parallel between the postal system and the
full glory of the Internet. BTW, I don't believe in such parallels. Sorry to disappoint
those that thought so! ;-)
My sole purpose with that
At 8:12 AM -0800 2/16/01, Ed Gerck wrote:
1. there is a natural need for heterogeneous address systems and,
Agreed.
2. therefore, there is a natural need for address translation.
Only if there's some need to interconnect them, and even then only as
a temporary measure, if at all, because there
1. there is a natural need for heterogeneous address systems and,
okay
2. therefore, there is a natural need for address translation.
no. it doesn't follow, at least not in the sense of address translation
as done by NAT. there is a natural need for *routing* or *mapping*
between higher
Bernard,
Exactly. That is why 6to4 came out the way it did - it offers a way
for a NATted IPv4 site to introduce non-NATted IPv6 without losing
anything or throwing away anything.
There are RFCs explaining the issues with NAT technically and objectively.
I don't see why this generates comments
which current NAT approaches
will introduce as we increasingly deploy peer-to-peer applications within our
infrastructures.
-Original Message-
From: Brian E Carpenter [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 16, 2001 8:04 AM
To: Bernard Aboba
Cc: Randy Bush; Melinda Shore; Michael W.
| I don't see why this generates comments about anti-NAT religion.
I prepared a shockingly rude but very funny riposte to this message,
however the spirits intervened and decided to make a poorly-aimed
wheel-mouse motion kill the editor in a surprising way.
Unless this can be attributed to the
Steve Deering wrote:
At 8:12 AM -0800 2/16/01, Ed Gerck wrote:
1. there is a natural need for heterogeneous address systems and,
Agreed.
2. therefore, there is a natural need for address translation.
Only if there's some need to interconnect them, and even then only as
a temporary
Unless this can be attributed to the universe's hatred of NAT in
general, may I humbly suggest that this is a suggestion from the loa
that we return to the discussion at hand, viz. how to make
midboxes more useful to the people who choose to deploy them, by (for
example) exposing servers
Taking your valuable points a bit further, NAT avoidance arguments aren't
likely to sell IPv6 to us large end users, because this is a problem for which
it is difficult to construct a business case that will excite the
non-technical managers who are in charge of blessing large capital
| I respectfully but firmly disagree that this is "the discussion at
| hand", or even that such a discussion is useful. but if you must
| have that discussion, please take it to the midcom list.
Ah, sorry, mea maxima culpa - I had misread (several times)
the To:/Cc: line as containing the
On Wed, Feb 14, 2001 at 10:44:47PM -0500, Keith Moore wrote:
it's hardly surprising that professional network administrators are more
likely than the average home user to understand the limitations of NATs,
[...]
a significant percentage of the folks who will drive v6 deployment will
be
David,
IPv6 does not solve the need to renumber if you change providers (and no,
not everyone can be a provider -- IPv6 uses CIDR, just like IPv4). Until
that issue is addressed, there will be NATs. Even for v6.
Odd. Every time I renumbered some site (hq.af.mil and sundry other sites
Well the message I got earlier was the IPv6 will not fix
the NAT problem - true or not true?
Well, it won't fix the NAT problem in scenarios
where v6 is not deployed. But aside from the
other answers you've received so far, I've also
heard several people mention the need to support
something
It's our collective job to ensure that IPv6 doesn't
leave any of the motivations to do NAT intact. The
"hiding" motivation (aka address policy domains)
is bogus anyway, and has never been a valid reason for
doing IPv4 NAT, so it's particularly hard to combat.
Brian
Melinda Shore wrote:
It's our collective job to ensure that IPv6 doesn't
leave any of the motivations to do NAT intact.
i suggest that, for most of us, there are more useful and concrete major
direct goals of ipv6 than anti-nat religion.
randy
Eliot,
On Wed, 2001.02.14, Eliot Lear wrote:
With all the discussion of Napster and so-called "peer to peer" networking,
I think NATs are going to become far more visible to users as these
applications grow in popularity. Today, you can use something like Gnutella
if at least one party is
Keith,
It has been my experience that many of the current network admins
today believe NAT is the de facto way of connecting to the Internet.
In fact, in one of the network classes I teach, it takes a lot of
convincing on my part to show that NAT offers them very little security.
Most net
On Thu, 2001.02.15, Lloyd Wood wrote:
that webpage is still black on black.
The style file on http://affine.watson.ibm.com/tmp/ has been commented out,
since some versions of Mozilla (4.05 on SunOS 5.6??) appear to be broken.
-p.
It's our collective job to ensure that IPv6 doesn't
leave any of the motivations to do NAT intact.
i suggest that, for most of us, there are more useful and concrete major
direct goals of ipv6 than anti-nat religion.
to the extent that anti-NAT is a religion it is because NAT is a
i suggest that, for most of us, there are more useful and concrete major
direct goals of ipv6 than anti-nat religion.
to the extent that anti-NAT is a religion it is because NAT is a religion
no, it's a market reality. we may not like it, but we'd be fools to deny
it.
randy
i suggest that, for most of us, there are more useful and concrete major
direct goals of ipv6 than anti-nat religion.
to the extent that anti-NAT is a religion it is because NAT is a religion
no, it's a market reality. we may not like it, but we'd be fools to deny
it.
I agree that one
Such views, I submit, are a form of religion.
Religion is a belief in a power higher than oneself.
NAT-mania is a form of mass delusion.
Cheers,
RGF
Robert G. Ferrell, CISSP
Who goeth without humor goeth unarmed.
i suggest that, for most of us, there are more useful and concrete major
direct goals of ipv6 than anti-nat religion.
And in fact, the anti-NAT religion hurts deployment of IPv6
because it is hard to get customers to throw away things
they have already bought.
I would also suggest that the
i suggest that, for most of us, there are more useful and concrete major
direct goals of ipv6 than anti-nat religion.
And in fact, the anti-NAT religion hurts deployment of IPv6
because it is hard to get customers to throw away things
they have already bought.
I would also suggest that
You give a name to your house (say, "The Tulip") and
the post office knows where The Tulip is. If you move,
you can do the same at your new location, provided
there is no conflict. This seems to be more similar to the
I suspect it only works in rural areas - I recall walking past 27A
In message [EMAIL PROTECTED], Ed Gerck writes:
Actually, in the UK you can do just what you wish ;-)
You give a name to your house (say, "The Tulip") and
the post office knows where The Tulip is. If you move,
you can do the same at your new location, provided
there is no conflict. This seems
Keith,
At 10:44 PM 2/14/2001 -0500, Keith Moore wrote:
If end users are required to modify configuration files, you will see NAT
so they don't have to.
not if the NATs cause more pain than modifying the config files.
True. However, a company that produces a NAT that is more painful to
Keith,
At 10:44 PM 2/14/2001 -0500, Keith Moore wrote:
If end users are required to modify configuration files, you will see NAT
so they don't have to.
not if the NATs cause more pain than modifying the config files.
True. However, a company that produces a NAT that is more painful
Given the penetration of NAT, particularly in the business world, I
suspect B2B applications that do not work with NAT will not exist too
long.
from the little i have seen, because b2b usually wants authentication,
authorization, and encryption, a lot of that stuff goes through gateways/
"Steven M. Bellovin" wrote:
In message [EMAIL PROTECTED], Ed Gerck writes:
Actually, in the UK you can do just what you wish ;-)
You give a name to your house (say, "The Tulip") and
the post office knows where The Tulip is. If you move,
you can do the same at your new location,
anyway, what's the half-life of a piece of network equipment? 2-3 years?
In the consumer space, it's probably the life of the customer's
arrangement with the service provider. While turnover is high with dialup
ISPs, it is presumably lower with xDSL and Cable modems. So I would be
looking
At 3:41 PM -0800 2/15/01, Ed Gerck wrote:
"Steven M. Bellovin" wrote:
You give a name to your house (say, "The Tulip") and
the post office knows where The Tulip is. If you move,
you can do the same at your new location, provided
there is no conflict.
...Note that this is a natural
In message [EMAIL PROTECTED], Ed Gerck writes:
"Steven M. Bellovin" wrote:
In message [EMAIL PROTECTED], Ed Gerck writes:
Actually, in the UK you can do just what you wish ;-)
You give a name to your house (say, "The Tulip") and
the post office knows where The Tulip is. If you move,
Steve Deering wrote:
At 3:41 PM -0800 2/15/01, Ed Gerck wrote:
You give a name to your house (say, "The Tulip") and
the post office knows where The Tulip is. If you move,
you can do the same at your new location, provided
there is no conflict.
...Note that this is a natural
"Steven M. Bellovin" wrote:
In message [EMAIL PROTECTED], Ed Gerck writes:
"Steven M. Bellovin" wrote:
In message [EMAIL PROTECTED], Ed Gerck writes:
Actually, in the UK you can do just what you wish ;-)
You give a name to your house (say, "The Tulip") and
the post office
Steve Deering wrote:
At 6:21 PM -0800 2/15/01, Ed Gerck wrote:
...
In Internet NAT terms, "The Tulip" is the globally routable IP number for
my DSL, the post office is my NAT box and the physical address
"545 Abbey St." is the local, non-routable IP number of my host A.
That would be
Eric,
Odd. Every time I renumbered some site (hq.af.mil and sundry other sites
sharing similar characteristics), there was neither a NAT prior to, nor
subsequent to, the renumbering.
If they are already using NAT, it is most likely they wouldn't need your
services to renumber, no?
Rgds,
-drc
Noel,
At 01:20 AM 2/15/2001 -0500, J. Noel Chiappa wrote:
Why do I have to change
street addresses just because I moved?
A very good reason your name is separate from your address.
Good thing you didn't choose telephone numbers in your rant, huh?
In any event, my point (in case you missed it
Well the message I got earlier was the IPv6 will not fix
the NAT problem - true or not true? I assume
with IPv6 there is no need for NATs. Who thinks
they will still be around - humm maybe if the ISP charge
a fortune for 4 IP addresses vs 1 IP address (IPv6 or IPv4).
At 11:53 AM 2/2/2001 -0800,
Well the message I got earlier was the IPv6 will not fix
the NAT problem - true or not true?
depends on how you define "the NAT problem"
- if you define it as a shortage of addresses, then IPv6 *does*
solve the NAT problem - provided, of course, that the RIRs
are willing to assign
to correct something I just miswrote:
- if you define it as the ability to "plug and ping" small networks
into the Internet, then (as far as I can tell) we still need
a small piece of protocol beyond IPv6 to have a "pure IPv6"
plug-and-ping solution. in the interim, either PPP or DHCP
At 05:53 PM 2/14/2001 -0800, Michael W. Condry wrote:
I assume with IPv6 there is no need for NATs.
IPv6 does not solve the need to renumber if you change providers (and no,
not everyone can be a provider -- IPv6 uses CIDR, just like IPv4). Until
that issue is addressed, there will be NATs.
IPv6 does not solve the need to renumber if you change providers (and no,
not everyone can be a provider -- IPv6 uses CIDR, just like IPv4). Until
that issue is addressed, there will be NATs. Even for v6.
I don't think so - first, because IPv6 has more hooks for renumbering
than v4 (though
Keith,
At 10:02 PM 2/14/2001 -0500, Keith Moore wrote:
IPv6 does not solve the need to renumber if you change providers (and no,
not everyone can be a provider -- IPv6 uses CIDR, just like IPv4). Until
that issue is addressed, there will be NATs. Even for v6.
I don't think so - first,
IPv6 does not solve the need to renumber if you change providers (and no,
not everyone can be a provider -- IPv6 uses CIDR, just like IPv4). Until
that issue is addressed, there will be NATs. Even for v6.
I don't think so - first, because IPv6 has more hooks for renumbering
than
Dave,
Technogeeks, perhaps. The vast majority of people on the Internet who are
behind NATs most likely don't even know it.
With all the discussion of Napster and so-called "peer to peer" networking,
I think NATs are going to become far more visible to users as these
applications grow in
From: "David R. Conrad" [EMAIL PROTECTED]
IPv6 does not solve the need to renumber if you change providers ...
Until that issue is addressed, there will be NATs. Even for v6.
Oh, I can't resist:
It's completely appalling that when I move to a new house, my street address
In message [EMAIL PROTECTED], Scott Brim typed:
Although address obfuscation through combining NAT with your firewall
can provide a small amount of additional security.
against which attacks? it doesn't provide better privacy, or non
repudiation, or access control, or any normal service
Jon, this is a nit, two digressions off the main thread, so I'll take it
off-list. More mail soon.
...Scott
On 4 Feb 2001 at 17:29 +, Jon Crowcroft apparently wrote:
In message [EMAIL PROTECTED], Scott Brim typed:
Although address obfuscation through combining NAT with your
On Sat, Feb 03, 2001 at 10:50:08AM -0800, Grenville Armitage wrote:
Einar Stefferud wrote:
[..]
had my own home system and discovered that I had no interest in being
totally visible and accessible at all times, especially when I was
not always around to monitor things.
So,
Greg Minshall wrote:
absolutely. i was very happy when we moved from the previous world to the
(more or less pure) IP world.
i will be very happy when we move from the NAT world to the (more or less
pure) IPv6 world.
Greg (who wrote email gateways in a past life)
I think that it is a
Keith Moore wrote:
Ed,
We agree that the net has never been entirely homogeneous, and that it
would be a Bad Thing if people were forced to make their local nets
conform to someone's idea of the Right Way to do their networks.
Yes.
Thus, I have few problems with folks who want to use
Ed Gerck wrote:
[..]
Thus, we need to be able to cope with
diversity, not try to iron it out.
Depends why the diversity exists. Coping is the reaction
of people who feel they cannot change the underlying causes.
Apparently not everyone feels so powerless that NAT is their
only
Ed,
We agree that the net has never been entirely homogeneous, and that it
would be a Bad Thing if people were forced to make their local nets
conform to someone's idea of the Right Way to do their networks.
Thus, I have few problems with folks who want to use NATs within their
local networks
*
* In other words, that is why the Net never was and resists being a homogeneous
* network. It would be a less efficient design.
But the lesson of the Internet is that efficiency is not the primary
consideration. Ability to grow and adapt to changing requirements is
the primary
Bob Braden wrote:
*
* In other words, that is why the Net never was and resists being a homogeneous
* network. It would be a less efficient design.
But the lesson of the Internet is that efficiency is not the primary
consideration. Ability to grow and adapt to changing
BTW, a design that is too simple is not efficient, because it wastes
resources and does not allow what could otherwise be possible.
granted that there is such a thing as too simple an answer for
most design problems... but one can waste resources and be inflexible
much more easily by making
I too was a strong advocate and strongly disapproved of LANs that
were not openly connected with full capabilities to the net, until I
had my own home system and discovered that I had no interest in being
totally visible and accessible at all times, especially when I was
not always around to
On Thu, 01 Feb 2001 05:34:31 +0100, Sean Doran said:
"Hm, now let's see, a router on the 'outside' just sent back this
odd ICMP message. Whatever should I do with it?" may not be so
Given the unauthenticated nature of ICMP, this should give you pause.
I *already* get *enough* headaches with
Well, I don't think this is about midcom any more but something here
made my head hurt...
Ed Gerck wrote:
...
You miss at least one other possibility. If it is possible to develop
an addressing scheme that works in a heterogeneous network, then
we can have point-to-point functionality across
from some of the discussion, esp. yesterday, i had thoughts of deriving an
anti-NAT polemic and posting it. i planned on mentioning all of the other
brain-dead, obsolete technologies "we" (IP) had in the past ignored, and how
we had triumphed while they had died off.
i was thinking of things
[recipient list trimmed]
i guess if i think anything about all that, it is that if NATs are ubiquitous,
we should figure out how to deal with them.
perhaps. but I note that for many of the examples you quoted, "dealing
with them" was not nearly as nice as "not having to deal with them".
Dave Cheriton's TRIAD is an example of such a proposal.
Hilarie
Dave Crocker [EMAIL PROTECTED] 02/01/01 11:05AM
At 03:05 PM 1/31/2001 -0800, Ed Gerck wrote:
You miss at least one other possibility. If it is possible to develop
an addressing scheme that works in a heterogeneous network, then
On Thu, 2001.02.01, Hilarie Orman wrote:
Dave Cheriton's TRIAD is an example of such a proposal.
Hilarie
Dave Crocker [EMAIL PROTECTED] 02/01/01 11:05AM
At 03:05 PM 1/31/2001 -0800, Ed Gerck wrote:
You miss at least one other possibility. If it is possible to develop
an addressing
From: Keith Moore [EMAIL PROTECTED]
If this group takes the attitude that NATs are inherently broken and
that there's really no way to fix them in the long term without phasing
out the NAT part, it's much more likely to produce something useful
than if it tries to find a
In message [EMAIL PROTECTED], "J. Noel Chiappa" typed:
Keith, why don't you start an NAT-Haters mailing list, and take all this
disgust with NAT's there? (I'm quite serious about this.)
You seem to be having problems accepting the fact that NAT's are selling
several orders of magnitudes
Keith, why don't you start an NAT-Haters mailing list, and take all this
disgust with NAT's there? (I'm quite serious about this.)
Noel,
I expressed an opinion that this group should confine itself to addressing
short-term goals rather than trying to make NATs a part of the Internet
ietf-list folks:
Given that a single contribution to a WG's discussion (keeping entirely
within the charter) has resulted in multiple personal attacks, I felt
compelled to respond to this message. But as this discussion is really
specific to the midcom list, I've sent my full reply there.
Ed Gerck wrote:
Keith Moore wrote:
I expressed an opinion that this group should confine itself to addressing
short-term goals rather than trying to make NATs a part of the Internet
architecture.
NATs are already part of the Internet, and gaining share.
An alternate perspective
Bill Manning writes:
| and tosses it w/o any ability to notify the originating
| party.
Why is it necessary that there be an inability to notify the
originating party? dkerr already proved it's cheep cheep cheep
to maintain some types of state even with lots of flows per second,
and the
The point being that if you have an arbitrary bunch of firewalls and
NATs between any two points, then you are forced into telephone-like
"call set-up" scenarios, which don't really scale to large groups,
specially when the application consists of sporadic messages to
arbitrary destinations.
-Original Message-
From: Keith Moore [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 31, 2001 6:01 PM
To: Bill Manning
Cc: Keith Moore; David T. Perkins; Michael Richardson; [EMAIL PROTECTED]
Subject: Re: [midcom] WG scope/deliverables
e.g. it takes (at least) two to tango.
e.g. it takes (at least) two to tango... or peer.
"at least". yes.
Keith
HI,
On the list below, I believe that peer-to-peer applications like
napster can work in a NAT world. All you need is a registration
and rendezvous service to put the two peers together. This can
be part of the box that also provides the NAT service.
At 05:54 PM 1/31/2001 -0500, Michael
Keith Moore wrote:
I expressed an opinion that this group should confine itself to addressing
short-term goals rather than trying to make NATs a part of the Internet
architecture.
NATs are already part of the Internet, and gaining share.
I said this because I've looked at the problem
--- Keith Moore [EMAIL PROTECTED] wrote:
Keith, why don't you start an NAT-Haters mailing list, and take all this
disgust with NAT's there? (I'm quite serious about this.)
Noel,
I expressed an opinion that this group should confine itself to addressing
short-term goals rather than
case as opposed to peer-to-peer?
-Original Message-
From: David T. Perkins [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 31, 2001 3:41 PM
To: Michael Richardson; [EMAIL PROTECTED]
Subject: Re: [midcom] WG scope/deliverables
HI,
On the list below, I believe that peer-to-peer
NAT's work for web surfing. No dispute here.
NAT's make the Internet into TV.
NAT's suck for napster-type applications.
It was napster like (e.g. peer-to-peer) things that made the Internet
popular. Based upon some data on "web ready cell phones" being used primarily
to send text