Owen DeLong owen at delong.com
Wed Aug 31 01:15:03 EDT 2011

On Aug 30, 2011, at 8:40 PM, Matthew Kaufman wrote:

> On Aug 31, 2011, at 4:17 AM, Owen DeLong <owen at delong.com> wrote:
>>   +    NAT on the server side of the connection (yes, this has been proposed)
> You say this like it is some crazy idea, but of course nearly all large server farms with load balancers or even just stateful IPv4 firewalls work exactly this way and have for years.

I'm talking about different sites being reached depending on:

It's that kind of NAT on the server side that does not appeal to me (DNS support
would require some effort, for example) and would be novel. That particular
mechanism has been proposed.

NAT for load balancing is an entirely different issue, and actually the more
efficient load balancers use something that looks more like anycast
than like NAT.

No, stateful IPv4 firewalls do NOT necessarily change the address between
the front and the back or overload the port numbers for traffic destined for
servers behind them.


