Common operational misconceptions
owen at delong.com
Fri Feb 17 04:48:04 UTC 2012
On Feb 16, 2012, at 5:11 PM, Masataka Ohta wrote:
> Andreas Echavez wrote:
>> *Why disabling ICMP doesn't increase security and only hurts the web* *(path
>> MTU discovery, diagnostics)
> That PMTUD works is a misconception.
It actually works where people have not made active efforts to break it.
>> *How NAT breaks end-to-end connectivity (fun one..., took me
>> hours to explain to an old boss why doing NAT at the ISP level
>> was horrendously wrong)
> That's another misconception.
> While NAT breaks the end to end connectivity, it can be
> restored by end systems by reversing translations by NAT,
> if proper information on the translations is obtained
> through some protocol such as UPnP.
Sigh... NAT is a horrible hack that served us all too well in address conservation. Beyond that, it is merely a source of pain.