----- Original Message -----
From: "Mark Andrews" <marka@isc.org>
You'll have to document "everyone has to work harder to provide me services"; this is not my first rodeo, and TTBOMK, it's *transparent* to the other end of any connection out of my edge network that it's NATted at my end.
As for incoming connections, it's transparent to them as well -- and which ones are valid targets for such connections *is a policy decision of mine*, not subject to external opinion.
Could you clarify, in some detail, precisely how you get to TotC, Blake?
You are going to want the your clients to work well with your NAT. Your vendor is going to have to spend money to do this. The cost of doing this will be passed onto everyone else that buys this client as a direct monetory cost and/or extra complexity in the product. The later also increases the cost in maintaining the product. It also stops the vendor developing other products as it takes additional resources to do this work.
So far as I can tell, Mark, the only place where this becomes an issue is in the design of protocols which violate layer independence[1] by baking external transport layer address into fields in higher-layer frames; this in inherently Broken As Designed, and isn't my fault, or problem. I'll point out that such protocols will have to be fixed *anyway*, as transitioning to IPv6 will break them as well. If you merely meant "client operating systems", then I'm going back to "transparent"; please itemize how NAT at the edge of my edge network negatively affects the operations of a client OS, absent the specific broken protocols mentioned above. Next argument? :-) Cheers, -- jra [1] I originally wrote "lawyer independence"; that's funny, but too far off-meaning to leave in. :-)