On 05/24/2016 07:07 PM, James Knott wrote:
> On 05/24/2016 07:45 AM, Anton Aylward wrote:
>> NAT is a piece of ingenuity layered on what was originally a private non-routable subnet that was really for "internal testing". Yes a distortion of intent but also a display of ingenuity on the part of engineers and a gift to marketing. That it has delayed IPv6 is .... yes, I'll grant you, an "evil".
>
> It's a hack that breaks many things. It was created to extend the life of IPv4, by getting around the address shortage.

Ahm, not quite. NAT is an unintended consequence of RFC1918, "Address Allocation for Private Internets". To quote the original "Motivation":

"With the proliferation of TCP/IP technology worldwide, including outside the Internet itself, an increasing number of non-connected enterprises use this technology and its addressing capabilities for sole intra-enterprise communications, without any intention to ever directly connect to other enterprises or the Internet itself."

The intent of the NAT was secondary and was originally concerned with simplifying an exponential explosion of routing. As it happened, route aggregation, so as to manage the size & complexity of routing tables, was solved by other means. The wholesale adoption by service providers might be termed an "emergent property" rather than the original planned intent.

Your explanation of "why NAT is evil" is way, way too complicated. You could simply say that it breaks the supposition of many protocols of reciprocal point to point addressing.

Personally, I think that RFC1918 is poorly written and tries to say two, perhaps three or more things at once without clearly differentiating them. Its motivation and its conclusion are at odds with one another.

Your list of the things that NAT "breaks" is correct but for the mass of users is irrelevant. Mike Palpinsky, in other writings as well as his RFCs, advocated point to point IPv4 so as to avoid 'translators'.

As far as the Ethernet LAN is concerned, the IP protocol is less efficient than some of the LAN protocols of history: Novell's, "Lantastic" and others. But they are LAN protocols and not routable. Yes, gateways were written for some of them, particularly for email. In many ways those gateways or protocol translators served the same function as NAT, they hid an internal, non-routable network from the Internet at large.

You see NAT as something that breaks the Internet, James, since it uses non-routable addresses which, by definition, cannot permit host to host addressing. Other people see it as the magic which allows their private networks to make use of the Internet.

Others here have advocated DHCP loudly. For Joe Sixpack, a NAT router is the definitive configuration plug and play. All his LAN devices get DHCP addresses and the router itself gets a DHCP address from the ISP.

The issues you raise, IPSEC and setting up a server behind the NAT with port forwarding are not for the Joe Sixpack. Anyone doing that kind of thing is more technically sophisticated. And anyway, every NAT firewall I have also has VPN capability. Strange that .... eh?

-- 
A: Yes.
> Q: Are you sure?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting frowned upon?