Common operational misconceptions
Owen DeLong
owen at delong.com
Fri Feb 17 04:48:04 UTC 2012
On Feb 16, 2012, at 5:11 PM, Masataka Ohta wrote:
> Andreas Echavez wrote:
>
>> *Why disabling ICMP doesn't increase security and only hurts the web* *(path
>> MTU discovery, diagnostics)
>
> That PMTUD works is a misconception.
>
It actually works where people have not made active efforts to break it.
>> *How NAT breaks end-to-end connectivity (fun one..., took me
>> hours to explain to an old boss why doing NAT at the ISP level
>> was horrendously wrong)
>
> That's another misconception.
>
> While NAT breaks the end to end connectivity, it can be
> restored by end systems by reversing translations by NAT,
> if proper information on the translations is obtained
> through some protocol such as UPnP.
>
Sigh... NAT is a horrible hack that served us all too well in address conservation. Beyond that, it is merely a source of pain.
Owen