On Friday, October 17, 2003, at 01:03 PM, James Kempf wrote:
> One of the things I'd like to see is a list of why people use scoped
> addresses (RFC 1918) in IPv4.

I've talked to a very large number of people about this (or
rather why they use NATs, which is a slightly different
question), and the most common reasons are:
1) don't want to buy more addresses
2) simplification of network management/renumbering
3) security/firewalling/unreachability
The first two are already being dealt with in one form
or another. The third is only peripherally being addressed
and certainly not satisfactorily (for whatever value of
"satisfactory"). The reality is that some large number
of users, including some users who consider themselves
relatively expert (network administrators, etc.) don't want
their hosts to be reachable by default but they do want
them to be able to initiate connections themselves. I'm
not sure there's a good answer to this question, since
the users' wishes are incompatible with the IETF's working
assumptions about reachability.
There was a BOF on distributed firewalls several meetings
ago that I think is at least in some way relevant, but 1)
there doesn't seem to be a lot of momentum behind it, and 2)
some jiggering would be required. Also, this really is a
big-A architecture problem that involves pulling together
some disparate technologies, and, as has been noted elsewhere,
the IETF doesn't do this sort of thing very well.
Melinda