
Re: the evilness of NAT-PT, was: chicago IETF IPv6 connectivity

2007-07-05 15:55:43

>> the problem is that those simple applications share the same hosts and
>> network that the other applications do.  if you put devices in the
>> network that only solve problems for the simple applications, then you
>> get a network that can only run simple applications.
>      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> At least, without tunneling/overlays. And that's exactly the kind of
> network we now have and will continue to have for the foreseeable
> future.  Moreover, I would claim that NAT is not even the biggest
> problem.
>
> (I'm always perplexed by the semi-annual NAT wars on the IETF list
> because rarely are firewalls given comparable billing even though I
> suspect they cause far more problems for NOCs.  Certainly both they
> and NAT boxes cause silent, mysterious failures that cause users to
> think the network is broken.  Yet *lots* of people want their part of
> the network to be a gated community.)
Indeed, NATs aren't the only problem we're facing.  Interception proxies
and using IP addresses as policy tokens are also huge problems.  But
it's hard to argue that networks shouldn't have some policy, it's just
that we haven't given them better tools to enforce it.   And from an
architectural perspective, address translation is clearly a dead end. 
One of the reasons we argue against NATs is not that there aren't other
major problems, it's that people haven't managed to get the message on
NATs yet.  If we can't make the case against NATs within IETF, how can
we even begin to address the thornier cases?  (of course, what happens
is that the thornier cases are used to justify the continued existence
of NATs - which is a bit like using the existence of evil to justify
doing more evil)

> The Internet-of-the-future is shaping up to be a collection of home
> and enterprise networks linked by port 443.  And I see no reason to
> believe that IPv6 is going to change that.

I suppose we should stop trying to design better networks, then?  Maybe
if everyone who believes that would stop participating in IETF then the
dozen or so of us remaining could get some useful work done.  :)

For what it's worth, there seems to be a long history in the Internet
(and other public networks) of bootstrapping new services by tunneling
and gateways, which are replaced by more efficient and
easier-to-maintain setups once the new service has attracted sufficient
demand.

Keith

_______________________________________________
Ietf mailing list
ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf