Home page logo
/

nanog logo nanog mailing list archives

RE: Where NAT disenfranchises the end-user ...
From: Jim Shankland <nanog () shankland org>
Date: Thu, 6 Sep 2001 22:49:24 -0700


Tony Hain writes:

Roeland Meyer wrote:

...
Then consider that most developers are NOT network engineers. 
They expect the network to *be there*, period.

Or more completely, they expect the network to be transparent
so that every port at the destination IP address connects to 
the same machine, and there is no operational restriction on 
which end initiates the communication. 

Nicely put.  Of course, that model does not correspond to reality, nor
is it ever likely to.  Traffic is always going to be controlled,
filtered, redirected, and translated at administrative boundaries.
Global, packet-level, end-to-end connectivity is dead, until somebody
comes up with a compelling argument for why a Windows PC in an
Internet cafe in Sofia, Bulgaria needs unfettered, packet-level access
to a Coke machine in a break room at Sun Microsystems in Palo Alto.
Like the battleship that radios a request for the lighthouse to move
out of its way, detractors of NAT seem to be waiting for the world to
modify itself to accomodate their end-to-end model.

Eric Hall <ehall () ehsco com> has expressed the position succinctly:

The fact is that I can write an Internet-compliant application in
about two minutes that will break every NAT ever sold, simply because
they don't have a proxy for the protocol. NATs violate fundamental
Internet principles.

Many stupid things can be done in about two minutes.  This particular
fundamentalist tenet has been at odds with reality since the first
firewall was installed, and will only become more so.

Jim Shankland


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]