Anton Aylward wrote:
James Knott said the following on 09/09/2010 04:50 PM:
Anton Aylward wrote:
Anders Johansson said the following on 09/09/2010 02:22 PM:
As I said to James, I don't really believe you think this, I suspect your hatred for NAT has gotten the better of your choice of arguments
+1
Or perhaps our understanding of the implications of NAT cause us to oppose it.
NAT is a hack that's used to get around the shortage of IP addresses and in the process violates IP specs that addresses shouldn't be tampered with and it also breaks some things.
How little you know abut history. The original 'RFC1918 considered harmful" (actually "RFC 1627 - Network 10 Considered Harmful") dates from 1994. That's 26 years ago.
http://www.packetizer.com/rfc/rfc1918/ Please note that this is tagged as a "best current practice" and as "Obsoletes: 1627, 1597"
However it replicates the wording of RFC1597 in many places.
Yes, there were panics about address exhaustion that long ago. And a lot of other nonsense, if you recall, like running out of oil.
The justification for "Network 10" - what we now call NAT'ing, read:
<quote src="RFC1597, RFC1918"> Hosts within enterprises that use IP can be partitioned into three categories:
- hosts that do not require access to hosts in other enterprises or the Internet at large;
- hosts that need access to a limited set of outside services (e.g., E-mail, FTP, netnews, remote login) which can be handled by application layer gateways;
- hosts that need network layer access outside the enterprise (provided via IP connectivity);
- hosts within the first category may use IP addresses that are unambiguous within an enterprise, but may be ambiguous between enterprises.
For many hosts in the second category an unrestricted external access (provided via IP connectivity) may be unnecessary and even undesirable for privacy/security reasons. Just like hosts within the first category, such hosts may use IP addresses that are unambiguous within an enterprise, but may be ambiguous between enterprises.
Only hosts in the last category require IP addresses that are globally unambiguous.
Many applications require connectivity only within one enterprise and do not even need external connectivity for the majority of internal hosts. In larger enterprises it is often easy to identify a substantial number of hosts using TCP/IP that do not need network layer connectivity outside the enterprise. </quote>
The case that Bob Moskowitz (http://htt-consult.com/bio.html) and others made back then still has validity today. The issue isn't that "NAT breaks the IP protocols" so much as there are situations where it doesn't matter.
IPv6 may be a good thing, but this slagging of NAT is not necessary. There are and there will continue to be good reasons or people to use NAT.
I will go so far as to predict that even with IPv6in place, there will be something like "network 10" - private address spaces, and hence something like NAT. Its just too convenient to have addresses that cannot be - will not be - routed.
<quote> An enterprise that decides to use IP addresses out of the address space defined in this document can do so without any coordination with IANA or an Internet registry. The address space can thus be used by many enterprises. Addresses within this private address space will only be unique within the enterprise. </quote>
Its a pity that James' enthusiasm for IPv6 is matched by such intolerance of the useful aspects of NAT and the conditions under which "network 10" has been beneficial to corporations and individuals.
<quote> In order to use private address space, an enterprise needs to determine which hosts do not need to have network layer connectivity outside the enterprise in the foreseeable future. Such hosts will be called private hosts, and will use the private address space defined above. Private hosts can communicate with all other hosts inside the enterprise, both public and private. However, they cannot have IP connectivity to any external host. While not having external network layer connectivity private hosts can still have access to external services via application layer relays. </quote>
That's the kind of process that IT regularly performs. Risk Analysis and Needs Analysis.
<quote> 4. Advantages and Disadvantages of Using Private Address Space
The obvious advantage of using private address space for the Internet at large is to conserve the globally unique address space by not using it where global uniqueness is not required.
Enterprises themselves also enjoy a number of benefits from their usage of private address space: They gain a lot of flexibility in network design by having more address space at their disposal than they could obtain from the globally unique pool. This enables operationally and administratively convenient addressing schemes as well as easier growth paths. </quote>
Well, lets face it, does you network printer really need to be "globally connected"?
Please note: I am no denigrating IPv6 or saying that one _should_ use NAT. Nor am I saying that NAT should be forced on organizations to further (asymptotically) delay the exhaustion of the IPv4 address space. I *am* saying that slagging NAT is not a good argument in favour of IPv6. I am saying that blithely asserting that universal connectivity is an argument or IPv6 ignores the reality of the needs of business and of domestic users. I am saying that blithely asserting that you can configure a firewall to allow domestic the benefits of NAT - that is restricting universal connectivity - ignores the reality of how poorly many firewalls are already configured and the lack of such expertise in the domestic market.
"NAT breaks things". Yes. It was meant to. Lets make that quite clear. RFCs 1597 and 1918 make that quite clear and are unambiguous about the purpose and benefits
These links were provided earlier. Please read them. http://www.cs.utk.edu/~moore/what-nats-break.html http://www.faqs.org/rfcs/rfc1627.html -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org