[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ih] vm vs. memory

On 10/24/2017 10:35 AM, Paul Vixie wrote:
>> Hmm... what are the redeeming qualities of NAT ?
> every other attempt to add rapid renumbering and transparent multihoming
> has been rejected. NAT, by not trying to do those things and by not
> saying it would do those things, snuck under the defenses.
> no multi-national enterprise should give real external addresses to all
> of its internal endpoints, for at least three reasons:
> 1. the internal structure should not be visible or guessable.
> 2. reachability should be prevented by more than just firewalls.
> 3. you can add and drop transit providers as often as you want.
> NAT did that. nothing else could have or did.

Forgive me for doing this, but the above is one of the most concise and 
pragmatic summaries on this topic I've seen, over the history of NAT and 
its opponents.

So I wanted to post it again, in the hope that folk would read it 
thoughtfully at least once, and perhaps twice if you are really diligent.

A very useful quote, from a very bad TV show of my childhood, noted: 
"idealism is fine, but try spreading it on crackers."  NATs are 
pragmatic, and the idealism against them is useful during basic design 
discussions, but counter-productive as an absolute.

Dave Crocker
Brandenburg InternetWorking