ietf
[Top] [All Lists]

Re: The gaps that NAT is filling

2004-11-28 18:25:16
margaret(_at_)thingmagic(_dot_)com (Margaret Wasserman)  wrote on 23.11.04 in 
<p0602041fbdc8cdee09b3(_at_)[192(_dot_)168(_dot_)2(_dot_)2]>:

The average Internet user (home user or enterprise administrator)
does not care about the end-to-end principle or the architectural
purity of the Internet.

Maybe not the average usr, but a pretty large subset *does* care - because  
it makes it extremely hard to do what they want: to make a connection to  
their small business network (behind a dynamic IP) from somewhere else  
(also behind a dynamic IP).

It's possible (using one of a large number of dynamic DNS providers), but  
it is neither obvious nor trivial - in fact, it is hard for them to  
understand even what the problem is.

I just yesterday talked someone through this - a (small) business net  
admin wanting to access that net from home. This was someone who does  
database programming and at least sometimes creates networks for  
customers. And he *still* had a hard time with the consequences of dynamic  
IP and NAT.

No, it's not the majority - but yes, it *is* a pretty significant subset.  
You don't need to be all that far apart from average to bloody your nose  
on this.

(2) One-way connectivity could be provided via stateful firewalls
instead of via NAT.

You don't need all that much state for most of the protection. Just  
looking at TCP SYN does cover about 75% of the problem, I'd say, and  
that's completely stateless. (Not to say that the other 25% aren't  
important.)

MfG Kai

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf


<Prev in Thread] Current Thread [Next in Thread>