ietf

Re: arguments against NAT?

2003-12-02 12:53:02


Melinda Shore wrote:
...
I'm not sure if you're arguing that there should be a comprehensive
document presenting the technical problems introduced by NATs.  I
suspect there should be, although frankly this is one particular
area where there's a clear and growing divide between this community
and the network administrator community (particularly enterprise
and residential).  We've known about these problems for a very
long time and the argument that these problems are a serious impediment
to network {stability,robustness,whathaveyou} have not been accepted
by the people who deploy real networks.

At this point I really don't think it's the case that we haven't
made the argument well, or at sufficient volume.  People who put NATs
in their networks are usually responding to immediate or perceived
needs, and I think it's frequently, if not mostly, the case that they
understand what they're doing and simply don't have the luxury of
being able to worry about the longer-term implications.  In that
context our arguments are sometimes perceived as condescending and
out-of-touch.  Because of that it becomes difficult for the "NATs
cause problems" position to become sufficiently widely accepted to
overcome the conventional wisdom that NATs provide security, etc.
I imagine we're going to be running into a similar situation with the
mad use of tunnels in the not-too-distant future.

Melinda

One of the arguments in favor of NATs has been efficacy - we have them, they're cheap, and when they work they work well and with no configuration.

Since we've been lacking a similar non-NAT solution, we (ISI) built one called TetherNet, as posted earlier:
http://www.isi.edu/tethernet

The other argument in favor of NATs is that they already exist, so we have to live with them. TetherNet takes a contrary approach, undoing the NAT-ing instead.

FWIW, the "seriousness of the impediments" (Michael Py) is felt wherever NATs are deployed. Things break - in various NATs, these 'things' include L2TP to secure email access, VoIP/teleconferencing, FTP, and many services that rely on servers on the local machine (e.g., Compaq's automated software update system). Other, less serious problems include stalled or very slow web and telnet connections. These breakages are often misattributed to host, router or DNS misconfiguration, OS glitches, or the network being down. Those who don't know better just live with a flaky or slow network.

Joe
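The FTP breakage mentioned above is a concrete case of why NATs need protocol-specific help: in active mode the client advertises its own address inside the PORT command, and a host behind a NAT advertises its private address, which the server cannot reach. The following is an added example (editor's illustration, not code from the thread or from TetherNet) that parses PORT commands, shows the data connection failing when the advertised address is RFC 1918 space, and shows what a NAT application-level gateway must rewrite and track to make it work. The addresses (192.168.1.10 behind the NAT, 203.0.113.5 as the NAT's public side) and the port mapping scheme are constructed for the example.

```python
"""Why active-mode FTP breaks behind a NAT, and what an ALG has to rewrite.

Added example, not part of the original post. Addresses and the NAT's
port-allocation scheme are constructed for illustration.
"""
import ipaddress
import re

# RFC 959 PORT syntax: h1,h2,h3,h4,p1,p2 with port = p1*256 + p2
PORT_RE = re.compile(
    r"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r?\n?$"
)

# The address space a host typically has behind a NAT (RFC 1918).
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def parse_port(cmd):
    """Decode an FTP PORT command into (ip_string, port)."""
    m = PORT_RE.match(cmd)
    if not m:
        raise ValueError("not a PORT command: %r" % cmd)
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    if max(h1, h2, h3, h4, p1, p2) > 255:
        raise ValueError("octet out of range in %r" % cmd)
    return ("%d.%d.%d.%d" % (h1, h2, h3, h4), p1 * 256 + p2)


def format_port(ip, port):
    """Encode (ip_string, port) as a PORT command line."""
    a, b, c, d = ip.split(".")
    return "PORT %s,%s,%s,%s,%d,%d\r\n" % (a, b, c, d, port // 256, port % 256)


def is_rfc1918(ip):
    """True if the address is in private space, i.e. unreachable from the server."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


class FtpAlg:
    """Minimal NAT application-level gateway for active FTP.

    Rewrites the private address in PORT to the NAT's public address, and
    records a public-port -> (private ip, private port) mapping so the
    server's inbound data connection can be forwarded to the client.
    Port allocation is sequential here purely for illustration.
    """

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.mappings = {}  # public port -> (private ip, private port)

    def rewrite(self, cmd):
        ip, port = parse_port(cmd)
        if not is_rfc1918(ip):
            return cmd  # client already advertises a reachable address
        pub_port = self.next_port
        self.next_port += 1
        self.mappings[pub_port] = (ip, port)
        return format_port(self.public_ip, pub_port)


def data_connection_succeeds(cmd, alg=None):
    """Simulate one active-mode transfer.

    The client behind the NAT sends PORT; if an ALG is present it rewrites
    the command on the way out; the server then tries to open the data
    connection to whatever address the command advertises. Without an ALG
    the server is handed an RFC 1918 address and the transfer hangs, which
    is exactly the 'stalled' behaviour users blame on the network.
    """
    if alg is not None:
        cmd = alg.rewrite(cmd)
    ip, _port = parse_port(cmd)
    return not is_rfc1918(ip)


if __name__ == "__main__":
    client_cmd = "PORT 192,168,1,10,4,1\r\n"  # constructed: 192.168.1.10:1025
    print("no ALG :", data_connection_succeeds(client_cmd))
    alg = FtpAlg("203.0.113.5")
    print("with ALG:", data_connection_succeeds(client_cmd, alg), alg.mappings)
```

The same pattern (an address carried in the application payload that the NAT does not know to translate) is behind the other items in the list above: SIP/VoIP signalling carries media addresses, and L2TP/IPsec breaks because the inner protocol authenticates or encrypts the very headers the NAT rewrites. Each needs its own ALG or a NAT-traversal workaround, which is the cost the thread is arguing about.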