Where NAT disenfranchises the end-user ...

Circusnuts Circusnuts at home.com
Sun Sep 9 13:21:54 UTC 2001


Yep- NAT showed up in Cisco IOS in the 11.2 version.  I am definitely not an
expert on this subject, but a couple of things come to mind when running
through these posts:

NAT is almost always (or needs to be) configured in an overload state (or
PAT).  If your NAT pool should become to small for your users (good rule of
10 users to 1 IP), you can always check the translation statistics & start
to move you pool accordingly.  Unless I'm missing some sort of breach with
the occasional port table (when overload begins) it works quite well with
users heading to the Internet.

As far as the history of NAT, it's a band aide that offers some security
(sucks to trouble shoot @ times too).  NAT is a selling tool today for home
users & ISP's that don't want to cough up addresses.  As soon as IPV6 comes
online, NAT will offer almost no value add.

.02
Phil


----- Original Message -----
From: "Adam McKenna" <adam-nanog at flounder.net>
To: "NANOG (E-mail)" <nanog at merit.edu>
Sent: Friday, September 07, 2001 3:31 AM
Subject: Re: Where NAT disenfranchises the end-user ...


>
> On Thu, Sep 06, 2001 at 10:29:21PM -0700, Roeland Meyer wrote:
> >
> > |> From: Eric A. Hall [mailto:ehall at ehsco.com]
> > |> Sent: Thursday, September 06, 2001 9:49 PM
> >
> > |> > "Charles Sprickman" <spork at inch.com>
> > |>
> > |> > NAT has it's place, and we have many happy customers that are quite
> > |> > pleased with their NAT'd connections; some simple, some fancy.
> > |>
> > |> NATs are a band-aid.
> >
> > ip_masq started out as a cheap way to cheat ISPs that wouldn't allocate
IP
> > addrs to dial-up users (home users have no need for a LAN?), or wanted
to
> > charge an arm'n'leg for every IP addr. This irked the Linux community
> > sufficiently that they wrote a "cure". Unfortunately, the popularity of
the
> > "cure" superceded the need.
>
> Erm, sorry, but NAT was alive and well on Cisco routers long before it was
in
> the Linux kernel.
>
> --Adam
>
> --
> Adam McKenna <adam at flounder.net>   | GPG: 17A4 11F7 5E7E C2E7 08AA
> http://flounder.net/publickey.html |      38B0 05D0 8BF7 2C6D 110A
>




More information about the NANOG mailing list