> I have built enterprise networks in the past, and we've used NAT in some places, and avoided NAT like the plague in other places.
It is difficult to read a statement containing "like the plague" and not see bias in it. Be that as it may...
> NAT is a useful tool at times, and a major pain at other times. *Professionals* can analyze a situation and pick *the right tool*, instead of blindly following the "everybody does this!!" lore.
Would be interesting to know what Joseph bases his claim of "blindly following the 'everybody does this!!'" on. This view is wholly inconsistent with the security professionals I have worked with over the past 15 years. NAT is often spec'ed for IPv4 address conservation, but even where it is not, NAT is still used by the overwhelming majority of address-rich sites. Having been the CISO of a telecommunications equipment company with two /16s where NAT was used nevertheless, you would think someone in neteng would have told me they were opposed to NAT, but none did. None have either, ever, except in forums like this. This leads me to believe that the opposition to NAT is based on a poor understanding of infrastructure security and/or a hidden agenda. Given the profit potential of universal routability, my inclination would be to suspect the astroturf agenda, particularly given how NAT-detractors: A) have yet to provide a detailed rebuttal to the many uses of NAT, and B) are in conflict with the charter of this mailing list. As such, claims that NAT should not be standardized (by the IETF or elsewhere) should be moderated. That there is no moderation also indicates bias.
> If you want to state that *you* like NAT, fine. But don't assume you can speak for others, or for "security professionals".
No, sorry, the real world doesn't work like that. I can speak for others because I've been working with other network engineers for 15+ years, including some of the best (Yahoo paranoids, banking auditors, credit card vendor developers, ...). In all those years I have never met anyone with the audacity to claim they are opposed to NAT in any employment situation. This may be that they do not wish to have their credibility doubted among their managers and co-workers, or more likely, they would not have gotten the job in the first place had they indicated a bias against NAT. I don't need to speculate but I can say that my sample size is large and statistically relevant.

Roger Marquis
_______________________________________________
nat66 mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/nat66
