Common operational misconceptions

Owen DeLong owen at
Fri Feb 17 04:48:04 UTC 2012

On Feb 16, 2012, at 5:11 PM, Masataka Ohta wrote:

> Andreas Echavez wrote:
>> *Why disabling ICMP doesn't increase security and only hurts the web* *(path
>> MTU discovery, diagnostics)
> That PMTUD works is a misconception.

It actually works where people have not made active efforts to break it.

>> *How NAT breaks end-to-end connectivity (fun one..., took me
>> hours to explain to an old boss why doing NAT at the ISP level
>> was horrendously wrong)
> That's another misconception.
> While NAT breaks the end to end connectivity, it can be
> restored by end systems by reversing translations by NAT,
> if proper information on the translations is obtained
> through some protocol such as UPnP.

Sigh... NAT is a horrible hack that served us all too well in address conservation. Beyond that, it is merely a source of pain.