nanog mailing list archives
Re: Common operational misconceptions
From: Owen DeLong <owen () delong com>
Date: Fri, 17 Feb 2012 10:45:26 -0800
On Feb 17, 2012, at 7:20 AM, David Barak wrote:
From: Owen DeLong owen () delong comSigh... NAT is a horrible hack that served us all too well in address conservation. Beyond that, it is merely a source of pain.I understand why you say that - NAT did yeoman's work in address conservation. However, it also enabled (yes, really) lots of topologies and approaches which are *not* designed upon the end-to-end model. Some of these approaches have found their way into business proceses.
Yes... An unfortunate and very damaging side effect to be sure.
An argument you and others have made many times boils down to "but if we never had NAT, think how much better it would be!" To this, the response "so what?" is not unreasonable - organizations which have built up processes and products around the non-end-to-end model may or may not see a benefit in changing their ways. Asserting that there is something wrong with existing, succesful business practices is not, by itself, compelling.
People who make money selling weapons don't necessarily see a benefit to peace. People who avoid the high costs of toxic waste disposal by putting it into ground water don't necessarily see a benefit to having an EPA or laws that prohibit doing so. If you're not party to the war and you're not one of the people whose water supply is affected by the toxins flowing into it, then, the response "so what?" may seem reasonable from your perspective. NAT is much the same way. It is a form of toxic pollutant that has damaging effects outside of the business that has chosen to deploy NAT. At best, it started out as a necessary evil for address conservation. Dependence on it beyond that seems to me to be akin to a form of drug addiction.
While you and I may find this type of packet header manipulation distasteful, there's lots of organizations for which it's normal operations. The more NAT for v6 gets fought, the more folks will fight to preserve it. Time could be better spent demonstrating why NAT isn't needed in X or Y use case, and providing configuration snippets / assistance for non-NAT-based solutions to those various groups.
And I do exactly that when presented with actual use cases where people believe NAT is needed. You can find several instances of my having done that in previous NANOG threads. Owen
Current thread:
- Re: Common operational misconceptions, (continued)
- Re: Common operational misconceptions Masataka Ohta (Feb 20)
- Re: Common operational misconceptions Steven Bellovin (Feb 20)
- Re: Common operational misconceptions Masataka Ohta (Feb 20)
- Re: Common operational misconceptions Steven Bellovin (Feb 20)
- Re: Common operational misconceptions Masataka Ohta (Feb 20)
- RE: Common operational misconceptions George Bonser (Feb 20)
- Re: Common operational misconceptions Masataka Ohta (Feb 20)
- RE: Common operational misconceptions George Bonser (Feb 20)
- Re: Common operational misconceptions Masataka Ohta (Feb 20)
- Re: Common operational misconceptions David Barak (Feb 17)
- Re: Common operational misconceptions Owen DeLong (Feb 17)
- Re: Common operational misconceptions Masataka Ohta (Feb 18)
- Re: Common operational misconceptions Owen DeLong (Feb 19)
- Re: Common operational misconceptions Joe Greco (Feb 19)
- Re: Common operational misconceptions Mark Andrews (Feb 19)
- Re: Common operational misconceptions Owen DeLong (Feb 20)
- Re: Common operational misconceptions Jimmy Hess (Feb 19)
- Re: Common operational misconceptions Karl Auer (Feb 19)
- Re: Common operational misconceptions Masataka Ohta (Feb 19)
- Re: Common operational misconceptions Andrew Jones (Feb 19)
- Re: Common operational misconceptions Jimmy Hess (Feb 19)