nanog mailing list archives

Re: Common operational misconceptions

From: Owen DeLong <owen () delong com>
Date: Sun, 19 Feb 2012 16:24:49 -0800


On Feb 18, 2012, at 3:31 AM, Masataka Ohta wrote:

David Barak wrote:

From: Owen DeLong owen () delong com

Sigh... NAT is a horrible hack that served us all too well in
address conservation. Beyond that, it is merely a source of pain.


I understand why you say that - NAT did yeoman's work in address
conservation. However, it also enabled (yes, really) lots of
topologies and approaches which are *not* designed upon the
end-to-end model. Some of these approaches have found their way
into business proceses.


I'm afraid both of you don't try to understand why NAT was
harmful to destroy the end to end transparency nor the end
to end argument presented in the original paper by Saltezer
et. al:

     The function in question can completely and correctly be
     implemented only with the knowledge and help of the application
     standing at the end points of the communication system. Therefore,
     providing that questioned function as a feature of the
     communication system itself is not possible.

While plain NAT, which actively hide itself from end systems,
which means there can be no "knowledge and help of the
application" expected, is very harmful to the end to end
transparency, it is possible to entirely neutralize the
harmful effects, by let NAT boxes ask help end systems.

An argument you and others have made many times boils down
to "but if we never had NAT, think how much better it
would be!"


The reality is much better that NAT is not so harmful if NAT
clients and gateways are designed properly to be able to
reverse the harmful translations by NAT gateways.

I have running code to make the reverse translations, with
which protocols such as ftp with PORT commands are working.

                                      Masataka Ohta



No, I think you do not understand...

I have a NAT gateway with a single public address.

I have 15 FTP servers and 22 web servers behind it.

I want people to be able to go to ftp://<hostname> and/or http://<hostname> for each of them.

Please explain to me how your code solves this problem?

Yeah, thought so.

Owen

Current thread:

Re: Common operational misconceptions, (continued)
- - - Re: Common operational misconceptions Masataka Ohta (Feb 20)
    - Re: Common operational misconceptions Steven Bellovin (Feb 20)
    - Re: Common operational misconceptions Masataka Ohta (Feb 20)
    - RE: Common operational misconceptions George Bonser (Feb 20)
    - Re: Common operational misconceptions Masataka Ohta (Feb 20)
    - RE: Common operational misconceptions George Bonser (Feb 20)
    - Re: Common operational misconceptions Masataka Ohta (Feb 20)
    - Re: Common operational misconceptions David Barak (Feb 17)
    - Re: Common operational misconceptions Owen DeLong (Feb 17)
    - Re: Common operational misconceptions Masataka Ohta (Feb 18)
    - Re: Common operational misconceptions Owen DeLong (Feb 19)
    - Re: Common operational misconceptions Joe Greco (Feb 19)
    - Re: Common operational misconceptions Mark Andrews (Feb 19)
    - Re: Common operational misconceptions Owen DeLong (Feb 20)
    - Re: Common operational misconceptions Jimmy Hess (Feb 19)
    - Re: Common operational misconceptions Karl Auer (Feb 19)
    - Re: Common operational misconceptions Masataka Ohta (Feb 19)
    - Re: Common operational misconceptions Andrew Jones (Feb 19)
    - Re: Common operational misconceptions Jimmy Hess (Feb 19)
    - Re: Common operational misconceptions Valdis . Kletnieks (Feb 20)
  - Re: Common operational misconceptions Ridwan Sami (Feb 16)

(Thread continues...)