Mailinglist Archive: opensuse (769 mails)

Re: [opensuse] DHCPv6-PD request
On 05/24/2016 07:07 PM, James Knott wrote:
> On 05/24/2016 07:45 AM, Anton Aylward wrote:
>> NAT is a piece of ingenuity layered on what was originally a private
>> non-routable subnet that was really for "internal testing". Yes a
>> distortion of intent but also a display of ingenuity on the part of
>> engineers and a gift to marketing. That it has delayed IPv6 is ....
>> yes, I'll grant you, an 'evil'.
>
> It's a hack that breaks many things. It was created to extend the life
> of IPv4, by getting around the address shortage.

Ahm, not quite.
NAT is an unintended consequence of RFC1918,
"Address Allocation for Private Internets"

To quote the original "Motivation":

With the proliferation of TCP/IP technology worldwide, including
outside the Internet itself, an increasing number of non-connected
enterprises use this technology and its addressing capabilities for
sole intra-enterprise communications, without any intention to ever
directly connect to other enterprises or the Internet itself.

The intent of the NAT was secondary and was originally concerned with
simplifying an exponential explosion of routing.

As it happened, route aggregation, so as to manage the size & complexity
of routing tables, was solved by other means.


The wholesale adoption by service providers might be termed an "emergent
property" rather than the original planned intent.

Your explanation of "why NAT is evil" is way, way too complicated.
You could simply say that it breaks the supposition of many protocols of
reciprocal point to point addressing.


Personally, I think that RFC1918 is poorly written and tries to say two,
perhaps three or more things at once without clearly differentiating
them. Its motivation and its conclusion are at odds with one another.


Your list of the things that NAT "breaks" is correct but for the mass of
users is irrelevant.

Mike Padlipsky, in other writings as well as his RFCs, advocated point
to point IPv4 so as to avoid 'translators'. As far as the Ethernet LAN
is concerned, the IP protocol is less efficient than some of the LAN
protocols of history: Novell's, "Lantastic" and others. But they are LAN
protocols and not routable. Yes, gateways were written for some of
them, particularly for email. In many ways those gateways or protocol
translators served the same function as NAT, they hid an internal,
non-routable network from the Internet at large.

You see NAT as something that breaks the Internet, James, since it uses
non-routable addresses which, by definition, cannot permit host to host
addressing. Other people see it as the magic which allows their
private networks to make use of the Internet.

Others here have advocated DHCP loudly. For Joe Sixpack, a NAT router
is the definitive configuration plug and play. All his LAN devices get
DHCP addresses and the router itself gets a DHCP address from the ISP.
The issues you raise, IPSEC and setting up a server behind the NAT with
port forwarding are not for the Joe Sixpack. Anyone doing that kind of
thing is more technically sophisticated.

And anyway, every NAT firewall I have also has VPN capability.
Strange that .... eh?






--
A: Yes.
> Q: Are you sure?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting frowned upon?
