ietf

Re: myth of the great transition (was US Defense Department formally adopts IPv6)

2003-06-23 08:25:26
    > From: Keith Moore <moore(_at_)cs(_dot_)utk(_dot_)edu>

    >> That means that i) NAT+v4 is here to stay, permanently, as the
    >> packet-forwarding substrate on which we have to live, and ii) many
    >> "solutions" to the "NAT problem" have a badly faulty key premise -
    >> which is that the solution will fix IPv4's problems by replacing it.

    > almost agree. NAT is here to stay on v4, and apps that work fine with
    > NAT+v4 will continue to use NAT+v4 ..
    > but I do see us building another network that uses the same layer 1-2
    > links as the IPv4+NAT network but also provides an alternate layer 3.

In other words you buy into faulty premise #ii - "the solution will fix
IPv4's problems by replacing it".

Look, I understand the attraction of a single global namespace. I've designed
several myself (one for routing purposes, and another for naming endpoints),
and put a fair amount of work into each. So please take what I have to say
here (and said previously) seriously, because I'm saying it *in spite* of
what I'd like to see happen:

    >> The notion of a system with a single, globally unique namespace at the
    >> lowest level is a really nice one, one we had for a while - and *one
    >> we think we can reclaim*. I now think we've been deluding ourselves;
    >> that past .. is gone for good.

I'm not saying this because I *like* it (I positively *hate* it), I'm saying
it because it's the reality we have to deal with, and we can either deal with
it as best we can, or waste our time in dream-land.


    > the reason I point out the flaws with NAT is not that I think we can
    > get rid of them in v4. it's because some people are still of the belief
    > that NATs are mostly harmless and that we should not only permit them
    > into v6, but extend our architecture to embrace them.

Keith, that's not the only reason, and you know it. You want to point out to
people how screwed up NATs are in the hope that they will be more inclined
to move *from* IPv4+NAT *to* your perfect future, one in which we once again
have a global namespace.

Well, we *won't* - we *aren't* going there.

There are too many people for whom IPv4+NAT works fine - and as for new
applications, as Daniel Senie pointed out, there are going to be two kinds of
applications/etc - those that work through NAT boxes, and some will succeed
in getting widely deployed, and those which don't work through NAT boxes,
which will *uniformly and inevitably* have a very much lower success level.

Look at IPSec and SSL. SSL works through a NAT box, and is basically
ubiquitous - every PC connected to the Internet uses it every day. I'll bet
the monthly (if not weekly) growth in the number of SSL users is larger than
the entire number of IPSec users.


IPv4+NAT, as ugly as it is, is the future. Now can we please stop sticking
our heads in the sand, and start dealing with that?

        Noel


