It may be easy to sell, but it's also fictitious. NAT is antithetical to security, not beneficial to it. Owen On Mar 16, 2012, at 1:21 PM, cdel.firsthand.net wrote:
NAT at the edge is one thing as it gives an easy to sell security proposition for the board. But CGN controlled by whoever sitting between their NATs does the opposite.
Christian de Larrinaga
On 16 Mar 2012, at 19:35, William Herrin <bill@herrin.us> wrote:
On Fri, Mar 16, 2012 at 2:01 PM, Octavio Alvarez <alvarezp@alvarezp.ods.org> wrote:
On Tue, 13 Mar 2012 23:22:04 -0700, Christopher Morrow <christopher.morrow@gmail.com> wrote:
NetRange: 100.64.0.0 - 100.127.255.255 CIDR: 100.64.0.0/10 OriginAS: NetName: SHARED-ADDRESS-SPACE-RFCTBD-IANA-RESERVED
Weren't we supposed to *solve* the end-to-end connectivity problem, instead of just letting it live?
"We" forgot to ask if all the stakeholders wanted it solved. Most self-styled "enterprise" operators don't: they want a major control point at the network border. Deliberately breaking end to end makes that control more certain. Which is why they deployed IPv4 NAT boxen long before address scarcity became an impactful issue.
Regards, Bill Herrin
-- William D. Herrin ................ herrin@dirtside.com bill@herrin.us 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004