On 05/24/2016 08:16 PM, Anton Aylward wrote:
On 05/24/2016 07:07 PM, James Knott wrote:
On 05/24/2016 07:45 AM, Anton Aylward wrote:
NAT is a piece of ingenuity layered on what was originally a private non-routable subnet that was really for "internal testing". Yes a distortion of intent but also a display of ingenuity on the part of engineers and a gift to marketing. That it has delayed IPv6 is .... yes, I'll grant you, an 'evil'.
It's a hack that breaks many things. It was created to extend the life of IPv4, by getting around the address shortage.
Ahm, not quite. NAT is an unintended consequence of RFC1918, "Address Allocation for Private Internets".
To quote the original "Motivation":
"With the proliferation of TCP/IP technology worldwide, including outside the Internet itself, an increasing number of non-connected enterprises use this technology and its addressing capabilities for sole intra-enterprise communications, without any intention to ever directly connect to other enterprises or the Internet itself."
The intent of the NAT was secondary and was originally concerned with simplifying an exponential explosion of routing.
Please don't confuse private addresses with NAT. The idea of private addresses existed long before NAT. A private address is just that, it doesn't connect to anything. NAT then took advantage of those address blocks. Private addresses are not the problem (there are some with IPv6 too), NAT is.
As it happened, route aggregation, so as to manage the size & complexity of routing tables, was solved by other means.
Whether you have one address or a block of addresses, the routing is much the same. Aggregation was necessary because no thought was given to routing efficiency when the IPv4 address blocks were handed out. The current trend of selling surplus IPv4 address blocks will only make this worse. On the other hand, IPv6 addresses are handed out geographically, so that all the addresses in one part of the world will have a common route from another part.
The wholesale adoption by service providers might be termed an "emergent property" rather than the original planned intent.
Your explanation of "why NAT is evil" is way, way too complicated. You could simply say that it breaks the supposition of many protocols of reciprocal point-to-point addressing.
Personally, I think that RFC1918 is poorly written and tries to say two, perhaps three or more things at once without clearly differentiating them. Its motivation and its conclusion are at odds with one another.
Your list of the things that NAT "breaks" is correct but for the mass of users are irrelevant.
Funny you should mention that. I recently watched a video by someone on Microsoft's XBOX team, talking about the problems NAT causes for games and how the XBOX will always try to use IPv6, even if it has to set up a tunnel to do so. It will only use IPv4 as a last resort.
Mike Padlipsky, in other writings as well as his RFCs, advocated point-to-point IPv4 so as to avoid 'translators'. As far as the Ethernet LAN is concerned, the IP protocol is less efficient than some of the LAN protocols of history: Novell's, "Lantastic" and others. But they are LAN protocols and not routable. Yes, gateways were written for some of them, particularly for email. In many ways those gateways or protocol translators served the same function as NAT, they hid an internal, non-routable network from the Internet at large.
Ummm... Novell's IPX, not Lantastic, was routable, along with AppleTalk.
You see NAT as something that breaks the Internet, James, since it uses non-routable addresses which, by definition, cannot permit host-to-host addressing. Other people see it as the magic which allows their private networks to make use of the Internet.
It allows their private networks to share one address and that's all it does, in its favour.
Others here have advocated DHCP loudly. For Joe Sixpack, a NAT router is the definitive configuration plug and play. All his LAN devices get DHCP addresses and the router itself gets a DHCP address from the ISP. The issues you raise, IPSEC and setting up a server behind the NAT with port forwarding are not for the Joe Sixpack. Anyone doing that kind of thing is more technically sophisticated.
All IPv6 devices can use SLAAC or DHCPv6. No configuration either way.
And anyway, every NAT firewall I have also has VPN capability. Strange that .... eh?
Actual VPN support? Or just pass through?
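To make the "breaks reciprocal point-to-point addressing" argument in the thread concrete, here is an added toy model of a port-overloading NAT; it is illustration code, not anything from the posters, and all addresses, ports and the Nat/Packet names are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


@dataclass
class Nat:
    """Toy NAPT: many RFC1918 hosts share one public address via port mappings."""
    public_ip: str
    next_port: int = 40000
    out_map: dict = field(default_factory=dict)  # (inner ip, inner port) -> public port
    in_map: dict = field(default_factory=dict)   # public port -> (inner ip, inner port)

    def forward_port(self, public_port: int, inner_ip: str, inner_port: int) -> None:
        """Static port forward: the manual step needed to run a server behind NAT."""
        self.in_map[public_port] = (inner_ip, inner_port)
        self.out_map[(inner_ip, inner_port)] = public_port

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> Internet: create (or reuse) a mapping and rewrite the source."""
        # is_private covers RFC1918 space (and a few other non-global ranges).
        if not ipaddress.ip_address(pkt.src).is_private:
            raise ValueError("outbound packet must come from the private side")
        key = (pkt.src, pkt.sport)
        if key not in self.out_map:
            port, self.next_port = self.next_port, self.next_port + 1
            self.out_map[key] = port
            self.in_map[port] = key
        return Packet(self.public_ip, self.out_map[key], pkt.dst, pkt.dport)

    def inbound(self, pkt: Packet):
        """Internet -> LAN: only packets matching an existing mapping get through."""
        inner = self.in_map.get(pkt.dport)
        if inner is None:
            return None  # unsolicited host-to-host contact has nowhere to go
        return Packet(pkt.src, pkt.sport, inner[0], inner[1])


def demo() -> dict:
    """Constructed scenario: one LAN client behind NAT, one outside peer calling in."""
    nat = Nat(public_ip="203.0.113.9")  # documentation-range addresses throughout
    out = nat.outbound(Packet("192.168.1.10", 51000, "198.51.100.20", 443))
    reply = nat.inbound(Packet("198.51.100.20", 443, nat.public_ip, out.sport))
    unsolicited = nat.inbound(Packet("198.51.100.20", 5555, nat.public_ip, 22))
    nat.forward_port(2222, "192.168.1.10", 22)  # the work-around the thread mentions
    forwarded = nat.inbound(Packet("198.51.100.20", 5555, nat.public_ip, 2222))
    return {"out": out, "reply": reply, "unsolicited": unsolicited, "forwarded": forwarded}
```

The reply to an outbound flow is delivered, the unsolicited inbound packet is dropped for lack of a mapping, and only an explicit port forward restores reachability for one inside host.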