At 01:31 AM 6/19/2003, Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu wrote:
> On Wed, 18 Jun 2003 22:19:12 PDT, Eric Rescorla said:
> > You've got it absolutely backwards. The fact that the NAT breaks
> > that I don't want to run anyway is a FEATURE, not a bug.
> And the fact that NAT breaks things that you DO want to run is a <?>
> > > And unfortunately, a lot of the Just Does Not Work stuff are applications
> > > like H.323 and VOIP that Joe Sixpack actually *might* be interested in.
> > Ah, the eternal lament of the technocrat who can't understand why the
> > customers don't want what he knows is so obviously good for them.
> No, the lament of a technocrat who can't deploy things that customers DO want
> because NAT breaks them.
Find a user. See if they'd be interested in video or voice over IP. Watch
them say "ooh... that sounds cool". Then tell them it would be unreliable
and you could only use it to talk to other users some of the time, because
a lot of users are on these things called NATs, and watch enthusiasm wane.
Find an innovative company that finds a way to make VOIP work across NAT
boxes. Watch them collect lots of customers (example: www.vonage.com).
The NAT working group produced a number of documents. Some explained the
limitations, while one explained to application writers how to live in the
real world that includes NATs. Read RFC 3235.
A $50 NAPT box (using terminology from the NAT WG's terminology RFC)
provides sufficient firewalling and purposeful interruption of applications
for the typical DSL or cable modem user. It runs somewhere OTHER than on
the user's computer, so when a virus gets in and tries to disable the
user's firewall software, less damage is done.
If you have users who want/need services that you can't manage to make
function over NAT, then buy those folks a higher grade of access. The
reality of the marketplace is that broadband connections generally have
inexpensive NAPT/router boxes. That's been driven by the economics of the
service model. In great measure the service agreement with broadband
vendors also stipulates that users are not permitted to run servers. If you
don't like the model, buy service elsewhere.
Sadly, the IETF seems to find ways to generate immense amounts of heat over
NAT, while sticking its collective head in the sand with regards to
activity in the marketplace. If the organization wishes to retain ANY
relevance, it will have to find a way to deal with reality.