> Well, perhaps if you view the IETF as a "religion" and NAT as something which
> violates its dogma that analogy makes sense.

Religions are at their best when they give people practical, achievable ways to live their lives well, and in such a way as to benefit not only themselves, but also others. Similarly, IETF is at its best when it tells people practical, achievable ways to build and run networks in such a way that not only the enterprise network works well, but the whole Internet supports a wide diversity of applications for everyone's benefit.

> Here is the thing, not everyone agrees on a common definition of "harm". Is
> sex out of wedlock "harm"? How bout eating pork? Drinking wine? It all
> depends upon the "religion" of the person you ask.
>
> Regardless of that, the scientifically responsible thing for organizations
> that are concerned with public health issues to do is talk about condom use
> (including the fact that they are not foolproof). It isn't going to cause
> people who regard sex out of wedlock as "sinful" from going wild... and isn't
> going to stop people who don't from engaging in that activity. It's just
> going to mitigate some of the more negative side effects that behavior might
> cause.

So fine. If you can figure out how to tell people to have NATs in their networks without their doing significant harm, by all means do so. But nobody has figured this out yet, and NATs have been around for 15+ years by now.

I've tried to do that myself with NAT-XC, and while I think that NATs that are explicitly controlled by their endpoints are a lot better than those that try to outsmart their endpoints, I certainly wouldn't say that they don't still do harm. I can only justify them as a transition mechanism to get to pure IPv6, and as a band-aid to allow the occasional legacy IPv4 only host or app to work for a bit longer.

The people who still claim that NATs do little harm are either in denial, malicious, or both.

> The factual thing that can be said about NAT is that it obscures the literal
> IP address assigned to an end device from a source on the other side of the
> NAT boundary. For some that is a desired effect for others it's an
> undesirable problem.

You're grossly understating the harm caused by NATs, and you know it.

> Where you fall on that spectrum is more akin to religion.

Where I fall on the spectrum is practicality. I've done the analysis for large numbers of use cases and I know which way works better overall. There's really no comparison.

Of course religion has a dark side too. The worst aspect of religion is when it reinforces prejudices that do harm. Which is a very good description of what promoting NATs does.

> IETF is never going to get people to reconcile their conflicting interests
> there.

Perhaps not, but that's not an excuse for IETF to be deliberately dishonest or to promote harmful practices.

> You are not going to achieve that level of "obscurity" without some form of
> address translation...

Incorrect. There are lots of ways to route traffic within an enterprise without exposing the internal network hierarchy in the address.

Keith
_______________________________________________
nat66 mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/nat66
