Yeah, but this was the point. Where is the community consensus
document that says all this?
Spencer
----- Original Message -----
From: "Anthony G. Atkielski" <anthony(_at_)atkielski(_dot_)com>
To: "IETF Discussion" <ietf(_at_)ietf(_dot_)org>
Sent: Tuesday, December 02, 2003 6:55 AM
Subject: Re: arguments against NAT?
Zefram writes:
My question for the list is is there a web page or
other document anywhere that comprehensively states
the case against NAT?
If your new administrator is of the type who fixes things that aren't
broken, it may be the administrator that needs replacement, not the
network configuration.
As you point out, you aren't short on address space (the primary reason
for NAT). Security is not a problem for NAT, since any good netadmin is
going to know how to block and route traffic with routers, firewalls,
proxies, etc., to avoid problems. Too bad if it is time-consuming ...
that's what he is being paid for, so he can't complain.
Administrative convenience is not a reason, either. If administration
were that convenient, his position would be redundant. In any case,
restructuring an entire network so that one can spend more time playing
Doom in one's cube is a very poor justification for the operation.
NAT has obvious disadvantages. The Internet is not designed to address
multiple machines with one IP address, and lots of things will break
when NAT is in place. Incoming machine-specific traffic is the major
problem. Chat and instant messaging services will fail, and there is no
way to get them to work with NAT. Streaming services may fail as well.
NAT can compromise point-to-point security. Overall it's a clever but
nasty kludge that I cannot see implementing if it isn't required. It
works for SOHO configurations with just one public IP address and the
like, but it seems like a very poor idea for any organization that
doesn't have an address shortage.
_______________________________________________
This message was passed through ietf_censored(_at_)carmen(_dot_)ipv6(_dot_)cselt(_dot_)it,
which is a sublist of ietf(_at_)ietf(_dot_)org(_dot_) Not all messages are passed.
Decisions on what to pass are made solely by IETF_CENSORED ML
Administrator (ietf_admin(_at_)ngnet(_dot_)it).