RE: The Devil's in the Deployment RE: NATs as firewalls

["Hallam-Baker, Phillip" <pbaker at verisign.com>]

> From: Noel Chiappa [mailto:jnc at mercury.lcs.mit.edu] 

>     > From: Brian E Carpenter <brc at zurich.ibm.com>
> 
>     > the problems that NAT causes, and that having suffcient 
> address space
>     > (a.k.a. IPv6) solves
> 
> This comment seems to posit that insufficient address space 
> is the only thing driving deployment of NATs (other than the 
> modestly effective firewalls that NAT provides), and that's 
> just not correct.
> 
> Until the IETF fully understands and appreciates the forces 
> which are driving the deployment of NAT boxes - which have 
> been spectacularly successful in the marketplace, far more so 
> than the purported official alternative - they will continue 
> to eclipse said purported official alternative.

Even if those who dislike NAT are correct the problems caused can be solved with minor technical adjustments at the application layer.

This is not only a distraction, it is a waste of valuable political capital necessary to deploy IPv6.

We need the support of network and security administrators. Deciding that we are in a position to educate them as to the importance of the pure end-to-end vision is unnecessary and defeats the primary goal.

_______________________________________________
Ietf mailing list
Ietf at ietf.org
https://www1.ietf.org/mailman/listinfo/ietf