
Re: IPv6 networking: Bad news for small biz

2012-04-04 22:06:32

On Apr 4, 2012, at 9:39 23PM, David Meyer wrote:

On Wed, Apr 4, 2012 at 6:31 PM, Steven Bellovin <smb(_at_)cs(_dot_)columbia(_dot_)edu> wrote:

On Apr 4, 2012, at 5:21 35PM, Noel Chiappa wrote:

From: Doug Barton <dougb(_at_)dougbarton(_dot_)us>

My comments were directed towards those who still have the mindset,
"NAT is the enemy, and must be slain at all costs!"

In semi-defense of that attitude, NAT (architecturally) _is_ a crock - it puts
'brittle' (because it's hard to replicate, manage, etc) state in the middle of
the network. Having said that, I understand why people went down the NAT road
- when doing a real-world cost/benefit analysis, that path was, for all its
problems, the preferable one.

NAT didn't really exist when the basic shape of v6 was selected.

Perhaps, but that it would happen is obvious (even to the most casual observer).

I do not agree.  I remember discussing the concept with folks, a couple
of years before that; we agreed that NATs would be very challenging
because of the need for protocol-dependent packet inspection and
modification.  Add to that an underestimate of how long it would take
before v6 was adopted, and a gross underestimate of how large the
Internet would be -- remember, IPng happened before the Web explosion --
and it was very easy to ignore the possibility of NAT, let alone the
renumbering and (questionable) firewall benefits of it.  In retrospect,
sure, but in 1993-1994?  It was not at all obvious.


                --Steve Bellovin, https://www.cs.columbia.edu/~smb