I don't know if this is an annual argument yet, but the frog is in the pot, and the flame is on. Guess who's playing the part of the frog? Answer: ISPs who do this sort of thing. Value added security is a nice thing. Crippling Internet connections will turn the Internet into the phone company, where only the ISP gets to say what services are good and which ones are bad. While an ISP might view it appealing to be a baby bell, remember from whence we all come: the notion that the middle should not inhibit the endpoints from doing what they want. You find this to be a support headache? Offer a deal on Norton Internet Security or some such. Offer to do rules merges. Even offer a provisioning interface to some access-lists. Just make sure that when that next really fun game is delivered on a play station that speaka de IP your customers can play it, and that you haven't built a business model around them not being able to play it. Eliot mike harrison wrote:
On Monday, 2002-04-29 at 08:43 MST, Beckmeyer <beck@pacbell.net> wrote:
Is anybody here doing NAT for their customers?
Tony Rall:
If you're NATing your customers you're no longer an ISP. You're a sort-of-tcp-service-provider (maybe a little udp too). NAT (PAT even more
Depends on scale and application. We have lots of customers that we NAT, one way or another. And a lot more that we don't. Some customers WANT to 'just see out' and they like all the 'weird stuff turned off'. Sometimes it's a box at the customers end, sometimes it's nat'd IP's on the dial-up/ISDN/FracT1/T1/Wireless connection itself.
Saying we are not an ISP because we do some NAT is a little harsh. Giving the customer options and making things work (when done right, and explained properly.... we have no sales droids) is good business and I think good for the 'net. It gives the clueless (and sometimes cluefull) just a little more isolation.
What is wrong is NAT'ing when you should not.