[arin-ppml] Set aside round deux

Ted Mittelstaedt tedm at ipinc.net
Mon Aug 2 16:26:34 EDT 2010



On 8/1/2010 2:40 PM, Roger Marquis wrote:
> Ted Mittelstaedt wrote:
>> Owen ... You're running around preaching the evils of NAT and half of these
>> SOHO's out there likely think you're talking about some insect that flies up
>> their nose when they ride their bicycle. And the ones that know what it is,
>> they aren't aware of those NAT problems and so they are going to conclude
>> that NAT works fine. I'm just saying, when preaching IPv6, you gotta flog a
>> horse that the listener understands.
>
> It's not a matter of understanding. Many of us have been deploying NAT
> for decades. We understand that it brings both costs and benefits,
> however, in our companies NAT is just one element in a matrix.
>
> We understand NAT's role in multi-homing gateways, we understand the
> security provided by NAT, and we also understand the drawbacks to the
> so-called NAT alternatives. If there is a lack of understanding it has
> more to do with these and other business deliverables. Aside from
> network engineering our IT departments are also responsible for securing
> IP (intellectual property), managing intrusion detection systems, meeting
> budgets, and regulatory compliance. These are all at least as important
> as the perceived convenience of network engineering staff.
>
> This should not imply that I've met a network engineer who has any
> problems with NAT. The organizations I have worked for are not ILECs or
> backbone providers, so neteng job candidates expressing a problem with
> NAT would not normally get past the first interview. That said, it does
> seem that the arin-ppml mailing list is backbone-centric, and if it had
> more representation from administrators of other network models we would
> hear less from the minority of engineers who have problems with NAT and
> more from the rest who understand NAT's advantages over the proposed
> alternatives.
>

Roger, I cut my teeth using debug to format and compsurf to brand ESDI
drives.  I deployed NAT in production when the ONLY way you could do it
was to apply a massive patch to the FreeBSD 2.x kernel.  This was long
before Cisco released 11.2 IOS, which was the first "commercial router"
that supported NAT - and only on certain platforms (i.e., 2500, not 1000) -
and long before Linksys was anything more than a misspelling of a
children's toy set.  And, I daresay, long before YOU knew anything about
what NAT is.  So I'm intimately familiar with NAT and how it's used.

NAT's days are numbered and no matter how many benefits you think it
brings, one way or another it's going to be gone.

I saw and worked with a LOT of kludges during the days when orgs 
switched from Netware to TCP/IP.  Remember that IP-over-IPX thing that 
Novell had going where the client spoke IPX to some proxy that actually 
talked to the Internet?  Yech!  All of those - gone.  Except for
the handful of orgs who lack the imagination to come into the 21st
century.  There will undoubtedly be vendors in the IPv6 Internet
who will make money off those sorts.

I will point out that most listmembers on arin-ppml who are
backbone-centric in outlook didn't spring from the womb as full-blown
backbone admins.  Please give us a little credit, we all had
to cut our teeth as greenhorn admins of "other network models".  We
"get it".  But we have come to the realization that NAT isn't going
to work in the long haul and there's no point in telling people who
are just starting to learn about IPv6 that it is.  Better to raise them
properly from the first place.

As others have said, securing IP (intellectual property), managing
intrusion detection systems, meeting budgets, and regulatory compliance
can all be done without NAT.  If you are not familiar with
how to do them without NAT then learn.  You're only hurting yourself
by refusing to do so.


Ted


> Roger Marquis


