
Re: RE: Stupid NAT tricks and how to stop them.

2006-04-11 00:34:30
Lars-Erik,

>> From: Michel Py
>> [mailto:michel(_at_)arneill-py(_dot_)sacramento(_dot_)ca(_dot_)us]
>> Unfortunately some protocol purity zealots still have to realize
>> that Linksys, Netgear, Belkin and consorts don't sell NAT boxes
>> because they think NAT is good, they sell NAT boxes because
>> consumers want to buy them.
>
> I do not think consumers in general want to buy NAT boxes, but
> they are forced to do so by ISPs who do not give them a choice.

We're over-analyzing things. The last 3 WLAN APs I bought had NAT on by 
default; on 2 of them it was impossible to turn this off.  I got into long 
discussions with tech support who were telling me it is impossible to design a 
WLAN AP-router combo that didn't NAT.  

My DSL provider offers me 5 DHCP addresses for free (consumer grade connection) 
and my mobile carrier is now using real IP addresses for GPRS (they had too many 
problems caused by NATed IP addresses).  

In practice, I've needed to power-cycle these NAT boxes every few weeks, to 
clear out the garbage.  The most common thing most ISP tech support lines say is 
"unplug your router/AP/box", count to 60 and plug it back in.  

However, if I am just a normal user, go to Best Buy and pick up a home WLAN 
Access Point, I'll have NAT by default.  There is no "NAT inside" logo on the 
box, nor are there clear instructions on how to turn this off.  Vendors have 
turned NAT on by default because it is easier for them, not because the market 
has asked them to.

For reference, in my local paper computer stores started advertising 
"NAT firewalls" around 1998-99.  When NATs first came to the market, the 
marketing message was that NATs provided a security feature.  Still, I have far 
too many tech support discussions where there is common confusion between NAT and 
firewall features.  I don't think it is really intellectually honest to say the 
market has chosen NATs because it is what they wanted; it is a band-aid fix 
for a couple of different problems, which it kind of solved, but it creates some 
ugly side effects.  

To get around these side effects, people are deploying ALGs, B2BUAs and SBCs to 
help fix the side effects (and to do other things).  Human nature being what it 
is, we'll probably keep applying these quick fixes until it gets far too messy 
and someone comes in and wipes these away with a new solution.  Circuit 
switching, ATM, ISDN, etc. have all been useful for some solutions, but when 
you try to go beyond what they were designed for, you tend to have to 
apply patches and hacks to get things working.

John
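As an added example that is not part of John's post or of this thread: a toy Python model of a port-overloading NAT (NAPT) table. It makes concrete the two points argued above, that the "security" a consumer NAT box gives is only the absence of a mapping rather than any policy decision (so it is not a firewall), and that a NAT holds per-flow state that must be expired, which is the "garbage" a power-cycle clears. Assumptions, not taken from the post: endpoint-independent filtering (once a mapping exists, any outside host may send to the mapped public port), a deliberately tiny table, a fixed idle timeout, and constructed addresses and traffic.

```python
"""Toy NAPT table (constructed example, not a real implementation).

Assumptions: endpoint-independent filtering, a tiny fixed-size table,
and a fixed idle timeout. Addresses and traffic below are constructed.
"""
from dataclasses import dataclass
import itertools


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Napt:
    def __init__(self, public_ip, max_entries=4, idle_timeout=60):
        self.public_ip = public_ip
        self.max_entries = max_entries
        self.idle_timeout = idle_timeout
        self.out = {}          # (priv_ip, priv_port) -> (pub_port, last_seen)
        self.inb = {}          # pub_port -> (priv_ip, priv_port)
        self.ports = itertools.count(40000)   # next public port to hand out
        self.drops = 0

    def expire(self, now):
        """Remove mappings idle longer than idle_timeout (the state a
        power-cycle would also throw away)."""
        for key, (pub_port, last_seen) in list(self.out.items()):
            if now - last_seen > self.idle_timeout:
                del self.out[key]
                del self.inb[pub_port]

    def outbound(self, pkt, now):
        """Translate an inside->outside packet, creating a mapping if needed."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.out:
            self.expire(now)
            if len(self.out) >= self.max_entries:
                self.drops += 1          # table full: the flow never gets out
                return None
            pub_port = next(self.ports)
            self.out[key] = (pub_port, now)
            self.inb[pub_port] = key
        pub_port, _ = self.out[key]
        self.out[key] = (pub_port, now)  # refresh idle timer
        return Packet(self.public_ip, pub_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt, now):
        """Translate an outside->inside packet. The only check is whether a
        mapping exists for the destination port; the source is never consulted."""
        key = self.inb.get(pkt.dst_port)
        if key is None:
            self.drops += 1              # no mapping: dropped by accident, not policy
            return None
        priv_ip, priv_port = key
        self.out[key] = (pkt.dst_port, now)
        return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port)


def demo():
    """Run constructed traffic through the toy NAT and return what happened."""
    nat = Napt("203.0.113.5", max_entries=2, idle_timeout=60)
    inside, peer, stranger = "192.168.1.10", "198.51.100.7", "192.0.2.99"

    out1 = nat.outbound(Packet(inside, 5060, peer, 5060), now=0)
    # The peer's reply is forwarded because a mapping now exists.
    reply = nat.inbound(Packet(peer, 5060, nat.public_ip, out1.src_port), now=1)
    # So is a packet from an unrelated host to the same public port:
    # the NAT looked up its table, it made no access-control decision.
    hijack = nat.inbound(Packet(stranger, 31337, nat.public_ip, out1.src_port), now=2)
    # Unsolicited inbound to a port with no mapping is dropped.
    unsolicited = nat.inbound(Packet(stranger, 31337, nat.public_ip, 22), now=3)
    # A second inside host fills the tiny table; a third cannot get out ...
    nat.outbound(Packet("192.168.1.11", 40001, peer, 80), now=4)
    blocked = nat.outbound(Packet("192.168.1.12", 40002, peer, 80), now=5)
    # ... until the idle entries time out and a slot is freed.
    later = nat.outbound(Packet("192.168.1.12", 40002, peer, 80), now=200)

    return {
        "translated_src": (out1.src_ip, out1.src_port),
        "reply_dst": (reply.dst_ip, reply.dst_port),
        "stranger_reached_inside": hijack is not None and hijack.dst_ip == inside,
        "unsolicited_dropped": unsolicited is None,
        "blocked_when_full": blocked is None,
        "port_after_expiry": later.src_port,
        "drops": nat.drops,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The `hijack` case is the point of the NAT-versus-firewall confusion: a stateful firewall matches the whole 5-tuple against policy, while this table only asks "is there a mapping for this port?". Vendors that do enforce address-dependent filtering on top of the mapping are adding a firewall function, not getting it from the translation itself.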


_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf