On Apr 21, 2010, at 3:26 PM, Roger Marquis wrote:

> William Herrin wrote:
>>> Not to take issue with either statement in particular, but I think there
>>> needs to be some consideration of what "fail" means.
>>
>> Fail means that an inexperienced admin drops a router in place of the
>> firewall to work around a priority problem while the senior engineer
>> is on vacation. With NAT protecting unroutable addresses, that failure
>> mode fails closed.
>
> In addition to fail-closed NAT also means:
>
> * search engines and connectivity providers cannot (easily)
> differentiate and/or monitor your internal hosts, and
>

Right, because nobody has figured out Javascript and Cookies.

> * multiple routes do not have to be announced or otherwise accommodated
> by internal re-addressing.
>

I fail to see how NAT even affects this in a properly structured network.

Owen