On Oct 8, 2010, at 12:31 PM, Dave Cridland wrote:
On Fri Oct 8 17:10:56 2010, Keith Moore wrote:
Except that neither middleboxes in general nor NATs in particular were a
direct result of the decision to adopt IPv6. NATs were not originally
driven by a shortage of IPv4 addresses. In the consumer market they were
driven by what came to be a de facto standard of one IP address per
customer, due partially to this assumption being widespread within IETF
itself. In the enterprise network space they were initially driven by a
misguided notion that having private addresses would produce better network
security. In both cases the adoption of NATs was largely a consequence of
IETF's failure to produce and adhere to a comprehensive plug-and-ping
Oh, I think there's rather more than that.
Of course there is, but I was trying to be brief.
Initially, NATs came about because enthusiasts found that it was
prohibitively expensive to get a routed block down a modem - the ISPs treated
you like a business customer, and charged accordingly.
But part of that was because single-address-per-customer (or dialin session)
was naturally a commodity service, while routing a block down a modem was
something that required special-case handling at the ISP. And I think it's
fair to say that that was the assumption in IETF also. I don't recall any
efforts toward autoconfiguration of networks then, particularly not for those
connected via point-to-point links. It's hard to not blame the ISPs for
wanting to charge differently for one-address dialin vs. other accounts that
required more customization, setup, and support on their part.
As NATs drifted into the enterprise, there was a security angle, but there
was also a renumbering angle that still hasn't gone away. This is, in no
small part, because the only way to refer to an arbitary network is via the
addressing - actual hosts are largely dealt with by a combination of DHCP and
DNS. (As a random thought, if there was a CIDR DNS RR, I wonder if this may
Not sure what you mean by a CIDR DNS RR, but I hope it's nothing like A6 / DPTR
There is occasional rumblings within the IETF to address this, but given NATs
have to some extent removed the bulk of the pain, I'm not sure there's
sufficient motivation to solve all the issues.
And there's always considerable pressure on and within IETF to "just embrace
NAT" for this.
So currently, a NAT provides:
- A degree of de-facto firewalling for everyone.
- An immunity to renumbering for enterprises.
- Fully automated network routing for ISPs.
If technologies could be introduced to tackle especially the last two, I
think the advantages of NATs would vanish.
But the "NATs are good" mentality would still be widespread. Old timers hate
to learn how to use new tools, even if the old tools are crap.
Ietf mailing list