Where NAT disenfranchises the end-user ...
Jon Mansey
jon_mansey at verestar.com
Fri Sep 7 17:26:02 UTC 2001
It seems a pretty simple argument to me.
Do I want as many people using (and maybe _buying_, what a concept!)
my app as possible with the least amount of network clue and setup
headaches, or do I want to eliminate most of the corporate, SOHO,
cable, DSL, Linux population because I can't be bothered to develop my
app to be NAT-friendly?
Duh!
All the previous times this discussion has arisen here, I have
concluded that "real" IPs should only be owned and used by folks with
clue, everyone else gets a NATed IP. Discuss.
jm
> > > |> True... neither does a well-firewalled LAN.
>> >
>> > There is a substantial difference between broken access and controlled
>> > access.
>>
>> Yes, but there are plenty of apps that will not work if you do not leave
>> open large, arbitrary ranges of udp ports. This is fundamentally
>> incompatible with most sane firewalls. Or NAT.
>>
>> Why write a protocol that way? Just to prove NAT sucks?
>>
>> Charles
>
>
> No, because they were either written before NAT existed and
>tried hard to conform to the end2end principles of Internet Architecture
>or they were written after NAT existed and tried hard to conform to the
>end2end principles of Internet Architecture.
>
> NAT violates the end2end principles of the Internet Architecture
>by placing one or more policy abstraction layer(s) between the endpoints.
>
> That said, NAT is a tool in the tool box. I'd like to think that
>it's worth the effort to try and recover true end2end.
>
>--bill
--
jon_mansey at verestar.com Chief Science Officer
------------------------------------------------------------------
Verestar Networks, Inc. http://www.verestar.com
1901 Main St. tel (310) 382 3300
Santa Monica, California 90405 fax (310) 382 3310
------------------------------------------------------------------