nanog mailing list archives

Re: shared address space... a reality!


From: Owen DeLong <owen () delong com>
Date: Fri, 16 Mar 2012 14:17:38 -0700

It may be easy to sell, but it's also fictitious.

NAT is antithetical to security, not beneficial to it.

Owen

On Mar 16, 2012, at 1:21 PM, cdel.firsthand.net wrote:

NAT at the edge is one thing, as it gives an easy-to-sell security proposition for the board. But CGN controlled by
whoever is sitting between their NATs does the opposite.



Christian de Larrinaga


On 16 Mar 2012, at 19:35, William Herrin <bill () herrin us> wrote:

On Fri, Mar 16, 2012 at 2:01 PM, Octavio Alvarez
<alvarezp () alvarezp ods org> wrote:
On Tue, 13 Mar 2012 23:22:04 -0700, Christopher Morrow
<christopher.morrow () gmail com> wrote:
NetRange:       100.64.0.0 - 100.127.255.255
CIDR:           100.64.0.0/10
OriginAS:
NetName:        SHARED-ADDRESS-SPACE-RFCTBD-IANA-RESERVED

Weren't we supposed to *solve* the end-to-end connectivity problem,
instead of just letting it live?

"We" forgot to ask if all the stakeholders wanted it solved. Most
self-styled "enterprise" operators don't: they want a major control
point at the network border. Deliberately breaking end to end makes
that control more certain. Which is why they deployed IPv4 NAT boxen
long before address scarcity became an impactful issue.

Regards,
Bill Herrin


-- 
William D. Herrin ................ herrin () dirtside com  bill () herrin us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004



