+1 to what Keith said. -Dave
> -----Original Message-----
> From: Keith Moore [mailto:[email protected]]
> Sent: Friday, March 20, 2009 1:23 PM
> To: james woodyatt
> Cc: Lixia Zhang; Dave Thaler; [email protected] Discussion
> Subject: Re: [nat66] Fwd: I-D Action:draft-iab-ipv6-nat-00.txt
>
> james woodyatt wrote:
> > On Mar 19, 2009, at 20:39, Lixia Zhang wrote:
> >>
> >> We should have sent a FYI about this draft earlier. Comments are most
> >> welcome!
> >
> > There are three places in the draft where the phrase "end-to-end
> > reachability" is used when I would say that "end-to-end addressability"
> > would make the point more clearly. Because IAB and IETF have well
> > embraced the notion that policy enforcing stateful firewalls should be
> > widely deployed in the Internet, we've long ago pitched out the notion
> > that Internet nodes should be end-to-end reachable.
>
> Internet nodes should be e2e reachable unless there is explicit policy
> to the contrary from an enterprise network where the traffic originates
> or terminates.
>
> > The argument over
> > NAT has always been about end-to-end addressability, not reachability.
>
> Disagree. NATs impair both addressability and reachability, and we do a
> disservice to the community if we pretend otherwise. NAT (really NAPT)
> does harm to reachability because it blocks traffic in one direction
> even if this is not explicit policy, and NAPT limits the flexibility of
> a site to choose a policy that takes application usage into account. NAT
> can also impair reachability when binding state is lost or discarded.
>
> Keith

_______________________________________________
nat66 mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/nat66
