In message <3A8C692B.8A68420E@nma.com>, Ed Gerck writes:
> "Steven M. Bellovin" wrote:
> > In message <3A8C196C.197E510@nma.com>, Ed Gerck writes:
> > > Actually, in the UK you can do just what you wish ;-)
> > > You give a name to your house (say, "The Tulip") and
> > > the post office knows where The Tulip is. If you move,
> > > you can do the same at your new location, provided
> > > there is no conflict. This seems to be more similar to the
> > > notion of using an IP number as a name -- but isn't this
> > > why we need DNS? ;-)
> > And if you move from London to Belfast, this will still work?
> In the UK, as I said. I would think that other countries may have
> a similar system. Note that this is a natural example of NAT,
> in which the post office is doing the address translation to a local
> address that only that post office knows, but which is globally
> reachable through that post office. And the post office does so
> without changing the global addresses or the local addresses.

Last I checked, Belfast was in the UK, though I realize that some folks
wish it were not so. But you missed my point -- as you note above, the
house name is known to "that post office". In other words, there is
hierarchy in the routing algorithm; it's not globally known, or even
known throughout the UK. The same is true of the Internet, and it's
why IP addresses aren't portable.

> I don't want to be philosophical about this, but IMO this example
> actually supports the view that NATs are naturally occurring solutions
> to provide for local flexibility without decreasing global connectivity.
> The Internet NAT is perhaps less an "invention" than a translation of
> an age-old mechanism that we see everywhere. We use the same
> principle for nicknames in a school for example.
> IMO, it is thus artificial to try to block Internet NATs. Far better would be
> to define their interoperation with other network components that we also
> need to use, in each case.

Block them? Not at all; I have no desire to do that. But we need to
recognize that *with the current Internet architecture*, there are some
inherent limitations. To use your analogy, suppose that senders
sometimes wrote their house name on the letter enclosed in the envelope
-- but they didn't include the post office name, so the recipient
couldn't reply. Or imagine that the Post Office only kept track of
house names when there was a recent outgoing letter. That's the
reality of NAT today.
Please pay careful attention to two things I did *not* say. I did
*not* say that NATs were an irrational engineering choice in today's
environment. In fact, they clearly are rational in some circumstances,
despite their disadvantages. Second, I didn't say that one couldn't
have designed an Internet architecture with nested addresses. Quite
obviously, that could have been done. But it wasn't, and we have an
Internet that likes single, fixed-length addresses. NATs are at best
an ugly add-on in such a world. (My personal techno-religion preaches
that *all* successful systems run out of address space, and that you're
better off planning for it up front. I (among others) argued strongly
for IPv6 addresses of 8, 16, 24, or 32 bytes, precisely to plan ahead.
In fact, the penultimate design called for fixed-length, 8-byte
addresses. The switch to 16 bytes was done to satisfy those of us who
feared that that was not nearly enough.)
--Steve Bellovin, http://www.research.att.com/~smb
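The two NAT limitations Bellovin spells out in his reply (an inside address written into the payload that the remote peer cannot answer, and a translation table that only remembers a host while it has recently sent traffic) can be seen in a small model. This is an added example, not code from either correspondent; the address space, port range and 60-second idle timeout are constructed for illustration.

```python
from dataclasses import dataclass, field
IDLE_TIMEOUT = 60  # seconds a mapping survives with no outbound traffic (constructed value)

@dataclass
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    payload: str = ""

@dataclass
class Nat:
    public_ip: str
    next_port: int = 40000
    table: dict = field(default_factory=dict)    # (inside_ip, inside_port) -> (ext_port, last_seen)
    reverse: dict = field(default_factory=dict)  # ext_port -> (inside_ip, inside_port)

    def outbound(self, pkt: Packet, now: float) -> Packet:
        """Outgoing letter: create or refresh the mapping, rewrite only the envelope."""
        key = (pkt.src, pkt.sport)
        if key in self.table:
            ext_port = self.table[key][0]
        else:
            ext_port, self.next_port = self.next_port, self.next_port + 1
            self.reverse[ext_port] = key
        self.table[key] = (ext_port, now)
        return Packet(self.public_ip, ext_port, pkt.dst, pkt.dport, pkt.payload)  # payload untouched

    def inbound(self, pkt: Packet, now: float):
        """Incoming letter: deliverable only while a recent outbound mapping exists."""
        key = self.reverse.get(pkt.dport)
        if key is None:
            return None  # nobody inside ever wrote out from this port: drop
        ext_port, last_seen = self.table[key]
        if now - last_seen > IDLE_TIMEOUT:
            del self.table[key], self.reverse[ext_port]  # forgotten, as the "recent letter" rule says
            return None
        return Packet(pkt.src, pkt.sport, key[0], key[1], pkt.payload)

def demo():
    """Return (unsolicited_dropped, reply_delivered, inside_addr_leaked_in_payload, late_reply_dropped)."""
    nat, inside, peer = Nat("203.0.113.7"), "10.0.0.5", "198.51.100.9"  # constructed RFC 5737/1918 addresses
    unsolicited = nat.inbound(Packet(peer, 80, nat.public_ip, 40000), now=0) is None
    out = nat.outbound(Packet(inside, 5555, peer, 80, f"write back to {inside}:5555"), now=10)
    reply = nat.inbound(Packet(peer, 80, out.src, out.sport), now=20)
    leaked = inside in out.payload and out.src != inside  # header translated, payload not
    late = nat.inbound(Packet(peer, 80, out.src, out.sport), now=200) is None
    return unsolicited, reply is not None and reply.dst == inside, leaked, late
```

`demo()` returns all four flags true: the unsolicited packet and the late reply are dropped, the timely reply reaches the inside host, and the peer is left holding an address it cannot use.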