Search RPD Archives
[rpd] Factors affecting in-region utilization - way forward?
Owen DeLong
owen at delong.com
Sun Jul 20 18:11:29 UTC 2014
> As much as I discourage the use of NAT in networks, I believe address translation has its niche in the ecosystem. Its has played a key role in scaling a system that was born over 30 years ago.
No question NAT _WAS_ a useful stop-gap while we were waiting for the development of IPv6. Unfortunately, it devolved from a necessary evil and useful stopgap to an accepted norm and an excuse for procrastinating IPv6 deployment. Worse, it's become so endemic in some people's mindsets that there is now substantial confusion over it's security aspects. Some are even so completely and thoroughly confused as to think that NAT is not harmful to security. Some go so far as to vehemently and religiously insist that it improves security.
> What I see stereotypical is people condemning NAT based on trivial negatives. Needless to say most of us run networks and know the reality on the ground.
I would argue that condemning NAT over its trivial negatives is silly, when it has so many non-trivial negatives:
1. It forces users into a second-class-citizen role on the network.
2. It removes some of the democratization of communications that the internet promises.
3. It breaks the end-to-end model of the internet.
4. It stifles innovation and the development of new applications.
5. It has facilitated and encouraged wide-spread codification of erroneous assumptions about the nature of home networks.
6. It has all but decimated the ability to create real peer-to-peer applications.
The list goes on. None of those are "trivial" negatives in my opinion. Instead, they are problems which strike at the very heart of the true promise of the internet.
> I would rather like to see solid arguments such as how NAT affects the battle against Cyber Threats. Issues like "function of implementation and hardware capability" seem far fetched if I understand the semantics :)
NAT is a fantastic tool in the battle for Cyber Threats. It provides tremendous resources and assistance to attackers and helps obfuscate the true sources of many problems and malefactors.
Having said that, I think we are starting to stray from the topic at hand, and, indeed the scope of the RPD list.
Owen
More information about the RPD
mailing list