nanog mailing list archives

Re: Where NAT disenfranchises the end-user ...
From: Jon Mansey <jon_mansey () verestar com>
Date: Fri, 7 Sep 2001 10:26:02 -0700

It seems a pretty simple argument to me.

Do I want as many people using (and maybe _buying_, what a concept!) my app as possible with the least amount of network clue and setup headaches, or do I want to eliminate most of the corporate, SOHO, cable, DSL, Linux population because I can't be bothered to develop my app to be NAT-friendly?


All the previous times this discussion has arisen here, I have concluded that "real" IPs should only be owned and used by folks with clue, everyone else gets a NATed IP. Discuss.


 > > |> True...  neither does a well-firewalled LAN.
 > There is a substantial difference between broken access and controlled
 > access.

 Yes, but there are plenty of apps that will not work if you do not leave
 open large, arbitrary ranges of udp ports.  This is fundamentally
 incompatible with most sane firewalls.  Or NAT.

 Why write a protocol that way?  Just to prove NAT sucks?


        No, because they were either written before NAT existed and
tried hard to conform to the end2end principles of Internet Architecture
or they were written after NAT existed and tried hard to conform to the
end2end principles of Internet Architecture.

        NAT violates the end2end principles of the Internet Architecture
by placing one or more policy abstraction layer(s) between the endpoints.

        That said, NAT is a tool in the tool box.  I'd like to think that
it's worth the effort to try and recover true end2end.



jon_mansey () verestar com                      Chief Science Officer
Verestar Networks, Inc.                    http://www.verestar.com
1901 Main St.                                   tel (310) 382 3300
Santa Monica, California 90405                  fax (310) 382 3310
