Large ISPs doing NAT?
Eliot Lear
lear at cisco.com
Wed May 1 21:55:02 UTC 2002
I don't know if this is an annual argument yet, but the frog is in the
pot, and the flame is on. Guess who's playing the part of the frog?
Answer: ISPs who do this sort of thing. Value added security is a nice
thing. Crippling Internet connections will turn the Internet into the
phone company, where only the ISP gets to say what services are good and
which ones are bad. While an ISP might view it appealing to be a baby
bell, remember from whence we all come: the notion that the middle should
not inhibit the endpoints from doing what they want. You find this to be
a support headache? Offer a deal on Norton Internet Security or some
such. Offer to do rules merges. Even offer a provisioning interface to
some access-lists. Just make sure that when that next really fun game is
delivered on a play station that speaka de IP your customers can play it,
and that you haven't built a business model around them not being able to
play it.
Eliot
mike harrison wrote:
>>On Monday, 2002-04-29 at 08:43 MST, Beckmeyer <beck at pacbell.net> wrote:
>>
>>>Is anybody here doing NAT for their customers?
>>
>
> Tony Rall:
>
>>If you're NATing your customers you're no longer an ISP. You're a
>>sort-of-tcp-service-provider (maybe a little udp too). NAT (PAT even more
>
>
> Depends on scale and application. We have lots of customers
> that we NAT, one way or another. And a lot more that we don't.
> Some customers WANT to 'just see out' and they like all the 'weird stuff
> turned off'. Sometimes it's a box at the customers end, sometimes
> it's nat'd IP's on the dial-up/ISDN/FracT1/T1/Wireless connection itself.
>
> Saying we are not an ISP because we do some NAT is a little harsh.
> Giving the customer options and making things work (when done right,
> and explained properly.... we have no sales droids) is good business
> and I think good for the 'net. It gives the clueless (and sometimes
> cluefull) just a little more isolation.
>
> What is wrong is NAT'ing when you should not.
>
>
>
>
More information about the NANOG
mailing list