[arin-ppml] IPv6 Non-connected networks

[William Herrin]

On Wed, Mar 24, 2010 at 6:51 PM, Lee Dilkie <Lee at dilkie.com> wrote:
> Is no one concerned that NAT breaks a lot of networking, especially
> peer-to-peer, and forces some really inefficient technologies, like
> SBC's, to exist?

Lee,

Of course, but the point is largely moot. You can't make me choose not
to use NAT and if (when) enough others make the same choice, you won't
choose to limit your application's market by failing to design for NAT
compatibility. Well, you might but the people whose applications sell
and dominate the mindshare won't.


> There is a lot of network media traffic (example, VoIP) that is
> unnecessarily backhauled across the internet because of NAT

The enterprise security guy doesn't want you connecting to his VoIP
phones. He wants you connecting to his call proxy firewall (if he had
one) where he'll scan for viruses and hacking before passing the voice
data on to the phone. If you could talk to the phones you could craft
the buffer overflow that pwns the phones and he doesn't want you
pwning his phones.

You imagine he'd make a different choice about allowing you to send
voip traffic to his phones if he was using a non-translating stateful
firewall?

The '90s Internet is gone man. The benign environment in which the US
Office of Naval Research could place its Lan Manager servers bare on
the Internet where I could access my file shares via my 28.8 Internet
link using Samba, well it's never coming back.

Heck, look up the "switchport protected" command. The big corps *use
this feature*. They love the idea that the workstations can only talk
to the routers and servers! As a business concept, peer to peer is
dead. Do not want. NAT didn't kill it. Enterprise network security
did.

-Bill


-- 
William D. Herrin ................ herrin at dirtside.com  bill at herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004