Mailinglist Archive: opensuse (1487 mails)

Re: [opensuse] IPv6 & NAT [Was: 11.3 and ssh X forwarding not working]
  • From: Anton Aylward <anton.aylward@xxxxxxxxxx>
  • Date: Thu, 05 Aug 2010 13:21:57 -0400
  • Message-id: <4C5AF335.7020401@xxxxxxxxxx>
James Knott said the following on 08/05/2010 10:18 AM:
> Anton Aylward wrote:
>> NAT doesn't 'break things'
> Try using ftp from the command line (not from a browser).

LOL! FTP is more broken than NAT!

And while you or I might use the command line, Joe Sixpack will use the
browser. The command line is what scares him away from Linux.


> Also, NAT violates the IETF spec that says the source and destination
> are not supposed to be changed, which NAT has to do in order to work.

And? Of course it does, but then malware breaks your computer ...
There are plenty of things that 'violate protocol'. Some are needed for
society to function :-)


> NAT also makes it awkward to reach computers behind the firewall.

Yes. That's the point! From the POV of the people that use it for that
- the 'lazy firewall' that I spoke of - this is a BENEFIT. Joe Sixpack
doesn't _want_ all those nasty people out there, hackers, governments,
his kids' friends, the IRS, reaching into his computer.


> For example, to reach my imap server via IPv4, I have to configure my
> firewall to specifically pass that traffic to that particular server.

Are you talking about in or out?

Let's see: I have ISPs all over the world with mailboxes. I have a
machine behind a NAT router/firewall. My fetchmail (or Joe Sixpack's
Thunderbird) has no problem fetching mail from them by IMAP.

Incoming ... I keep my mail on one "mailhub". That's all I need an
incoming link to.


> That works OK for only one computer, but what happens when you want to
> reach other computers with the same protocol?

Like for example?


> On the other hand, I can reach all my computers with their own
> addresses with IPv6.

So you have no filtering? That scares me.


> At the moment, it appears all the IPv4 address blocks will be taken in
> about a year.

I hate to tell you, but when I was running an ISP in the early 1990s,
the domain authorities told me that. As an ISP we wanted a class B for
pretty much the reasons you describe. In reality we had to justify each
and every class C. We were told that we should suggest to our clients
that they use NAT.

The sky has been falling for 20+ years.

Haven't they just released one of the 'reserved' class A nets?

(And yes, I know this terminology is archaic, but it's how they thought
back then when this was set up and they were allocating them.)


> Pretending all is well with IPv4 and NAT is extremely short sighted.

Indeed. But then the IP protocol itself is short sighted compared to
some others around that are more suited to high-speed streaming.

> In addition, the current situation with IPv4 requires complex routing
> tables, which slows down router performance at ISPs.

That isn't a failure of IPV4 so much as a demonstration of the success
of the Internet. It's grown beyond its design limits. I'm sure we'll
say the same about IPV6 when we have to deal with traffic to COMSATS and
the moon and Mars.


The dominance of NAT was never intended. Its 'success' and persistence
is due to marketing and the success of the Internet as a commercial medium.

You seem to think that I'm saying NAT is a good thing.
From the POV of some marketing people and small firms that have
addressed the needs of Joe Sixpack (and done well enough in the process
to be bought out by larger firms - the "American Success Story" - so
creating millionaires out of entrepreneurs) it has been a good thing.
Marketing is rarely interested in offering the technical Ne Plus Ultra
to start with. Just come up with something a bit better than the
competitor and leave some room for next year's model.

There's a lot of the world where the technically superior has failed to
make it when faced with a better marketed, more featured or more
acceptable to the user product.

All you say about the problems with NAT and the superiority of IPV6 are
100% correct and also 100% irrelevant to Joe Sixpack.

It's going to take someone who can come up with some marketing edge - OR
the Government issuing a DIRECTIVE THAT CANNOT BE IGNORED - before we
instantly discard IPV4 and NAT in favour of IPV6.

And do you really want the government - any government - dictating
network strategy?



--
The whole art of teaching is only the art of awakening the natural
curiosity of young minds for the purpose of satisfying it afterwards.
-- Anatole France (1844 - 1924), The Crime of Sylvestre Bonnard