
Re: NATs *ARE* evil!

2000-12-17 22:20:02
"Steven M. Bellovin" wrote:

In message <200012180225(_dot_)VAA22463(_at_)ginger(_dot_)lcs(_dot_)mit(_dot_)edu>, "J. Noel Chiappa" writes:

I mean, I can understand it is a temporary thing, e.g. if one company buys
another, and in gluing the networks together they temporarily leave the
bought company behind a NAT, but interface it to the world via the main
corporation's gateway/NAT. But using a NAT box adds a ration of complexity
(which is always bad and a source of potential problems), and using layers of
them increases the complexity, with attendant complexity costs. I have a hard
time understanding why people would add that much complexity, without a
darned good reason.

I mean, once you're behind a NAT box, you've got a *lot* of addresses to play
with (how many, exactly, depends on how you're doing it). This is puzzling to
me - what configurations are there out there that demand more address space,
internally, than you already get with one layer of NAT box? Or is there some
other reason I haven't figured out to have layers of address space?

Generally, this happens not because of an address shortage, but because
of unforeseen interconnections between NATted sites.

I'd read that RIPE is at least making micro-allocations available. The
ability to get a few /27 allocations can REALLY help in cross-connecting
corporations which find themselves needing private interconnects. These
micro-allocations are not routed globally, but rather are used to ensure
unique numbers are available for private interconnects.

ARIN would do well to offer such at low cost. Or perhaps someone should
gather up a bunch of allocated /24 nets which have been out there and
aren't in use, and set up an interconnect registry to hand out /27s or
/29s and rent them to those who need this type of private interconnect.


-- 
-----------------------------------------------------------------
Daniel Senie                                        dts(_at_)senie(_dot_)com
Amaranth Networks Inc.                    http://www.amaranth.com
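
Added example, not part of the original message or thread: the Python below shows the collision that arises when two NATted sites using private space are interconnected, and a registry of the kind suggested above handing out unique /27s or /29s from pooled /24s. The `InterconnectRegistry` class, the site address plans and the pool (a documentation prefix standing in for a reclaimed /24) are constructed assumptions.

```python
import ipaddress

def overlapping(site_a, site_b):
    """Return (a, b) prefix pairs that collide between two sites' internal plans."""
    nets_a = [ipaddress.ip_network(p) for p in site_a]
    nets_b = [ipaddress.ip_network(p) for p in site_b]
    return [(str(a), str(b)) for a in nets_a for b in nets_b if a.overlaps(b)]

class InterconnectRegistry:
    """Hypothetical registry: hands out unique /27 or /29 blocks from pooled /24s."""

    def __init__(self, pool):
        self.pool = [ipaddress.ip_network(p) for p in pool]
        self.assigned = {}  # allocated network -> holder label

    def allocate(self, holder, prefixlen):
        if prefixlen not in (27, 29):
            raise ValueError("registry only hands out /27 or /29")
        for block in self.pool:
            # subnets() yields naturally aligned candidates, so mixed
            # /27 and /29 allocations can never partially straddle.
            for cand in block.subnets(new_prefix=prefixlen):
                if not any(cand.overlaps(n) for n in self.assigned):
                    self.assigned[cand] = holder
                    return cand
        raise RuntimeError("pool exhausted")

    def release(self, net):
        self.assigned.pop(ipaddress.ip_network(net), None)

# Constructed sample data: two companies that each numbered internally
# out of private space and now need a private cross-connect.
SITE_A = ["10.0.0.0/8", "192.168.1.0/24"]
SITE_B = ["10.20.0.0/16", "172.16.0.0/12"]
POOL = ["192.0.2.0/24"]  # documentation prefix used as a stand-in

def demo():
    reg = InterconnectRegistry(POOL)
    link = reg.allocate("A<->B", 29)
    # The unique block must not collide with either site's internal plan.
    clash = overlapping([str(link)], SITE_A + SITE_B)
    return overlapping(SITE_A, SITE_B), str(link), clash

if __name__ == "__main__":
    print(demo())
```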


