Where NAT disenfranchises the end-user ...

Jim Shankland nanog at shankland.org
Fri Sep 7 05:49:24 UTC 2001


Tony Hain writes:

> Roeland Meyer wrote:
> 
> > ...
> > Then consider that most developers are NOT network engineers. 
> > They expect the network to *be there*, period.
> 
> Or more completely, they expect the network to be transparent
> so that every port at the destination IP address connects to 
> the same machine, and there is no operational restriction on 
> which end initiates the communication. 

Nicely put.  Of course, that model does not correspond to reality, nor
is it ever likely to.  Traffic is always going to be controlled,
filtered, redirected, and translated at administrative boundaries.
Global, packet-level, end-to-end connectivity is dead, until somebody
comes up with a compelling argument for why a Windows PC in an
Internet cafe in Sofia, Bulgaria needs unfettered, packet-level access
to a Coke machine in a break room at Sun Microsystems in Palo Alto.
Like the battleship that radios a request for the lighthouse to move
out of its way, detractors of NAT seem to be waiting for the world to
modify itself to accommodate their end-to-end model.

Eric Hall <ehall at ehsco.com> has expressed the position succinctly:

> The fact is that I can write an Internet-compliant application in
> about two minutes that will break every NAT ever sold, simply because
> they don't have a proxy for the protocol. NATs violate fundamental
> Internet principles.

Many stupid things can be done in about two minutes.  This particular
fundamentalist tenet has been at odds with reality since the first
firewall was installed, and will only become more so.

Jim Shankland


