ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-19 06:14:52
from [J. Noel Chiappa] [Permanent Link] 
    > From: Bob Braden <braden(_at_)ISI(_dot_)EDU>

    > Today, one must unfortunately question whether universal connectivity
    > can be sustained (or is even the right goal) in a networking
    > environment without universal trust. Maybe NATs are, in fact, a result
    > of a very deep problem with our architecture.

My take is that NAT's respond to several flaws in the IPv4 architecture:

- 1) Not enough addresses - this being the one that brought them into
        existence.
- 1a) Local allocation of addresses - a variant of the preceeding one, but
        subtly different; NAT's do allow you to allocate more addresses
        locally without going back to a central number allocation authority,
        which is very convenient.
- 2) Easy renumbering when switching ISP's - a benefit that only was realized
        later in time, but a significant one all the same - especially for
        those people who reckon that switching addresses is a really painful
        undertaking.

I don't really believe the rationale that they are useful as a firewall. For
one thing, most NAT boxes includes a real firewall (i.e. packet filtering
separate from the NAT functionality). I think that even if we had plenty of
addresses, people would still install boxes with firewall functionality at
the edges of their networks.

Which gets to your original point - "whether universal connectivity .. is
even the right goal .. in a networking environment without universal trust".
Which is an interesting and complex point, but I think one we can put off to
a separate discussion, because I think it's unrelated to the reasons that NAT
boxes have been a success. (It's also good to put if off because including it
will muddy the discussion water.)


    > If you accept that, then there is no point in attacking NATs until you
    > can propose a better architectural solution to the trust problem
    > (hopefully, there will be one!)

Well, not so much the trust problem, because I don't think that's what drove
NAT. But your basic point is a good one.

I think that if you look at the points I listed above, the market has clearly
decided that IPv4+NAT (for all its problems, with which people are I'm sure
reasonably familiar, given the many years NAT has been in service widely) is
the most cost-effective solution to providing them. The IETF really needs to
sit and ponder the implications of that.

        Noel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Layering purity Re: WG review: Layer 2 Virtual Private Networks (l2vpn), grenville armitage
Next by Date:  Re: myth of the great transition (was US Defense Department forma lly adopts IPv6), Keith Moore
Previous by Thread:  Re: myth of the great transition (was US Defense Department forma lly adopts IPv6), Valdis . Kletnieks
Next by Thread:  Re: myth of the great transition (was US Defense Department forma lly adopts IPv6), Keith Moore
Indexes:  [Date] [Thread] [Top] [All Lists]