Yep- NAT showed up in Cisco IOS in the 11.2 version.

I am definitely not an expert on this subject, but a couple of things come to mind when running through these posts: NAT is almost always (or needs to be) configured in an overload state (or PAT). If your NAT pool should become too small for your users (good rule of 10 users to 1 IP), you can always check the translation statistics & start to move your pool accordingly. Unless I'm missing some sort of breach with the occasional port table (when overload begins), it works quite well with users heading to the Internet.

As far as the history of NAT, it's a band-aid that offers some security (sucks to troubleshoot @ times too). NAT is a selling tool today for home users & ISPs that don't want to cough up addresses. As soon as IPv6 comes online, NAT will offer almost no value add.

.02

Phil

----- Original Message -----
From: "Adam McKenna" <adam-nanog@flounder.net>
To: "NANOG (E-mail)" <nanog@merit.edu>
Sent: Friday, September 07, 2001 3:31 AM
Subject: Re: Where NAT disenfranchises the end-user ...

On Thu, Sep 06, 2001 at 10:29:21PM -0700, Roeland Meyer wrote:
|> From: Eric A. Hall [mailto:ehall@ehsco.com]
|> Sent: Thursday, September 06, 2001 9:49 PM
|>
|> > "Charles Sprickman" <spork@inch.com>
|>
|> > NAT has its place, and we have many happy customers that are quite
|> > pleased with their NAT'd connections; some simple, some fancy.
|>
|> NATs are a band-aid.

ip_masq started out as a cheap way to cheat ISPs that wouldn't allocate IP addrs to dial-up users (home users have no need for a LAN?), or wanted to charge an arm'n'leg for every IP addr. This irked the Linux community sufficiently that they wrote a "cure". Unfortunately, the popularity of the "cure" superseded the need.

Erm, sorry, but NAT was alive and well on Cisco routers long before it was in the Linux kernel.
--Adam
--
Adam McKenna <adam@flounder.net>   | GPG: 17A4 11F7 5E7E C2E7 08AA
http://flounder.net/publickey.html |      38B0 05D0 8BF7 2C6D 110A