James Knott wrote:
Per Jessen wrote:
And_that_ is the crux of "NAT is broken in a number of ways"? James, I guess it's matter of wording, but to me the above doesn't mean broken, at worst it's a very slight disadvantage.
No, that's not all. As I mentioned, I have personally experienced NAT address clash, when using my VPN from a hotel, because they used the same address range as I did at home. When you do that, it becomes a "you can't get there from here" situation, because when you try to access a computer at the remoted end, your computer doesn't know it has to route through the VPN.
I can't personally blame NAT for that - the range of RFC1918 address is so vast that the risk of a clash is minimal - unless you choose to use a commonly used range. My VPN runs on 10.221.78.0/22.
There has also been mention of certain protocols that break.
I'm sure there are some, although I haven't heard of nor had any hard problems in that respect. Which, quite selfishly, makes me conclude that there aren't any _real_ problems.
Now, you tell me, what's so great about NAT, when you have sufficient addresses available to not require it? In that situation, it provides absolutely no benefit at all.
Correct - I haven't thought it through, but I think if I had had an IPv6 range and affordable IPv6-capable hardware six years ago when I was setting up my datacentre and office, I would never even had considered NAT. However, I had neither, nor did my external suppliers, and the cost of IPv4 address for plain office use was just not justifiable. All I'm saying is - don't start using NAT tomorrow if you aren't already, but if you're using it today, do carry on using it tomorrow too. -- Per Jessen, Zürich (18.1°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org