
Re: myth of the great transition (was US Defense Department formally adopts IPv6)

2003-06-18 11:56:39
similarly, people who install NAT usually don't realize how much this
costs them in lost functionality and reliability.
Really? You have evidence of this?

the evidence I have is from reading vendor advertisements for NAT boxes,
and from talking to people who run networks that use NAT.  it's not 
a random sample, perhaps not a statistically significant one, but it's
been enough to convince me personally that the delusion is widespread.

I don't either, but my intuition is that you're wrong.  Once you have
decided to have a firewall in place (which you may think is evil, but
I consider pretty much a necessary evil), I suspect that most people
suffer almost not at all from having a NAT.

depends on what you mean by "firewall"  (which these days is a pretty
vague term).  but there are several primary effects of NAT - one being
that addresses are not maintained end-to-end, another being that NATs
cause address-to-host bindings to be ephemeral when they would otherwise
not be, and another being that (for NAPTs anyway) attempts to initiate
traffic across the NAPT are blocked in one direction.  there is rarely
a significant benefit in a firewall doing the first two of these.  a good
firewall has the capability to block traffic in either direction, or not, on a
case-by-case basis, and can be adjusted according to the needs of its users. 
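
A small model of the three NAPT effects listed in the message above, next to a filter that does no translation, as an added example that is not part of the original message. The class names, the 60-second timeout and all addresses (RFC 1918 and RFC 5737 ranges) are constructed for illustration.

```python
import itertools  # constructed model: no real packets, sample addresses only

class Napt:
    """Port-translating NAT: bindings exist only while outbound traffic keeps them alive."""
    def __init__(self, public_ip, ttl=60):
        self.public_ip, self.ttl = public_ip, ttl
        self.out = {}    # (inside_ip, inside_port) -> (public_port, expiry_time)
        self.back = {}   # public_port -> (inside_ip, inside_port)
        self.ports = itertools.count(40000)

    def outbound(self, src, sport, now):
        key = (src, sport)
        port, expiry = self.out.get(key, (None, 0))
        if expiry <= now:                      # no binding yet, or it timed out
            self.back.pop(port, None)
            port = next(self.ports)            # host reappears under a new public port
            self.back[port] = key
        self.out[key] = (port, now + self.ttl)
        return self.public_ip, port            # the only address the remote peer sees

    def inbound(self, dport, now):
        key = self.back.get(dport)
        if key is None or self.out[key][1] <= now:
            return None                        # unsolicited or expired: dropped
        return key

class Firewall:
    """Filter only: no translation; rules decide each direction case by case."""
    def __init__(self, rules, default="drop"):
        self.rules, self.default = rules, default   # {(direction, dst_ip, dst_port): action}

    def check(self, direction, src, dst, dport):
        action = self.rules.get((direction, dst, dport), self.default)
        return action, src                     # source address is passed through unchanged

def demo():
    nat = Napt("203.0.113.1")
    first = nat.outbound("10.0.0.5", 5000, now=0)
    reply = nat.inbound(first[1], now=30)          # reply within the binding lifetime
    stale = nat.inbound(first[1], now=100)         # same port after the binding expired
    second = nat.outbound("10.0.0.5", 5000, now=100)
    unsolicited = nat.inbound(22, now=100)         # nobody inside opened this binding
    fw = Firewall({("in", "192.0.2.10", 22): "accept", ("out", "198.51.100.7", 25): "drop"})
    return first, reply, stale, second, unsolicited, \
        fw.check("in", "198.51.100.7", "192.0.2.10", 22), \
        fw.check("in", "198.51.100.7", "192.0.2.10", 80), \
        fw.check("out", "192.0.2.10", "198.51.100.7", 25)
```

In the NAPT half the inside host is seen as two different public endpoints over time and nothing can reach it first; in the filter half the same allow or drop decisions are made per rule while the endpoints keep their own addresses.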



