Keith Moore <moore(_at_)cs(_dot_)utk(_dot_)edu> writes:
the evidence I have is from reading vendor advertisements for NAT
boxes, and from talking to people who run networks that use NAT.
it's not a random sample, perhaps not a statistically significant
one, but it's been enough to convince me personally that the
delusion is widespread.
You can perhaps understand why I wouldn't consider this a particularly
convincing line of argument.
of course. but you can perhaps understand why I don't consider your
intiution to the contrary convincing either?
Yes, but I'm not the one calling widely sold and deployed network
devices "Denial of service attacks".
depends on the people. the people I work with want to run large-scale
distributed computing problems. other people want to use SIP to support
internet telephony or for some other purpose. others want to use
IPsec... yes there are workarounds for many of these, but they have to
be invented on a case-by-case basis, and often they're expensive.
I don't know enough about how you're doing your distributing computing
to have an opinion, but as for the other two... In my experience,
IT managers are pretty unhappy punching holes in their firewalls
for incoming SIP and IPsec, whether they run NAT or not. I'm
not sure that NAT is much of an impediment in these cases.
The bottom line here is what economists call "revealed preference".
People buy NATs and install them. I suppose it's possible that all
those people are stupid and the marginal utility of a NAT box is
actually negative, but that seems like a claim that would require some
pretty strong evidence.
-Ekr
--
[Eric Rescorla ekr(_at_)rtfm(_dot_)com]
Web Log: http://www.rtfm.com/movabletype