RE: Where NAT disenfranchises the end-user ...
I'm not sure who was first, in terms of IOS NAT and ip_masq. If memory serves (and it usually doesn't) then 11.2 was released around Aug 97. I don't see any easy way to identify the release date.

However, I think the linux code is older, although of course it's largely based upon the BSD firewall code. The online source log shows

 * Masquerading functionality
 *
 * Copyright (c) 1994 Pauline Middelink
 *
 * The pieces which added masquerading functionality are totally
 * my responsibility and have nothing to with the original authors
 * copyright or doing.
 *
 * Parts distributed under GPL.
 *
 * Fixes:
 * Pauline Middelink : Added masquerading.
 * Alan Cox : Fixed an error in the merge.
 * Thomas Quinot : Fixed port spoofing.
 * Alan Cox : Cleaned up retransmits in spoofing.
 * Alan Cox : Cleaned up length setting.
 * Wouter Gadeyne : Fixed masquerading support of ftp PORT commands
 *
 * Juan Jose Ciarlante : Masquerading code moved to ip_masq.c

But Cisco was promoting NAT much earlier. They bought the old NTI hardware (now called the PIX), and its primary purpose in life was NAT -- the company was called Network Translations Inc. Looks like my first PIX install was 3 July 1996, so that predates IOS installations, I think.

--woody

On Sunday, September 09, 2001 6:22 AM, Circusnuts wrote:
Yep- NAT showed up in Cisco IOS in the 11.2 version. I am
[..]
----- Original Message -----
From: "Adam McKenna" <adam-nanog@flounder.net>
Sent: Friday, September 07, 2001 3:31 AM
Subject: Re: Where NAT disenfranchises the end-user ...
On Thu, Sep 06, 2001 at 10:29:21PM -0700, Roeland Meyer wrote:
ip_masq started out as a cheap way to cheat ISPs that wouldn't allocate IP addrs to dial-up users (home users have no need for a LAN?), or wanted to charge an arm'n'leg for every IP addr. This irked the Linux community sufficiently that they wrote a "cure". Unfortunately, the popularity of the "cure" superseded the need.
Erm, sorry, but NAT was alive and well on Cisco routers long before it was in the Linux kernel.
On Sun, Sep 09, 2001 at 11:30:26AM -0700, woody weaver wrote:
I'm not sure who was first, in terms of IOS NAT and ip_masq. If memory serves (and it usually doesn't) then 11.2 was released around Aug 97. I don't see any easy way to identify the release date.
Unfortunately, I let my urge to smack Meyer down mask the original intent of my message.

To tell you the truth, I don't really care what products were shipping NAT first -- the fact still remains that NAT was not some hack created by a small group of people so that the "poor dialup user" could take revenge against the evil ISP that won't give out more than 1 IP for $20/month (as Meyer would have you believe). It is a documented standard, brought about by the IETF as a means of conserving IPv4 space.

--Adam

--
Adam McKenna <adam@flounder.net> | GPG: 17A4 11F7 5E7E C2E7 08AA
http://flounder.net/publickey.html | 38B0 05D0 8BF7 2C6D 110A
On Sun, 9 Sep 2001, Adam McKenna wrote:
On Sun, Sep 09, 2001 at 11:30:26AM -0700, woody weaver wrote:
I'm not sure who was first, in terms of IOS NAT and ip_masq. If memory serves (and it usually doesn't) then 11.2 was released around Aug 97. I don't see any easy way to identify the release date.
Unfortunately, I let my urge to smack Meyer down mask the original intent of my message.
To tell you the truth, I don't really care what products were shipping NAT first -- the fact still remains that NAT was not some hack created by a small group of people so that the "poor dialup user" could take revenge against the evil ISP that won't give out more than 1 IP for $20/month (as Meyer would have you believe). It is a documented standard, brought about by the IETF as a means of conserving IPv4 space.
Right, the tradition has roots at least a few years further back in the hack created by the "poor dialup shell account user" to allow them to get SLIP (and, at some point, CSLIP and PPP) access to the net without needing their own IP assigned by using a shell server they had an account on, with its IP address. First done in TIA, then SLiRP.

That was... 1994 or earlier.

And TIA is essentially NAT, implemented in a manner that would be considered peculiar compared to today's common implementations.

Hmm... guess even then it was at least partly used to conserve IP addresses, especially when handing out static IPs to every dialup user was more common. I know of a few universities that used to hand out SLIP accounts with static IPs quite freely, but then switched to recommending people use TIA where they could. That became irrelevant later, of course, when support for dynamically allocated SLIP addresses became widespread, along with PPP.

So in this case it was both "preserve IPs" and "take revenge against the evil (provider of some sort)".

However, note that things "created by the IETF" are normally created by a small group of people with their own agendas. And that there can be a big difference between the reasons a so-called "standard" was introduced and the reasons why people deployed it. But it seems quite true that the demand from dialup/DSL/etc. users for NAT only really ramped up after deployment in more corporate settings ramped up.

(sorry, I couldn't resist. Anyone looking for _real_ content on nanog is already ignoring this thread, so why not... thankfully, 95% of the irrelevant content on nanog is in long, easily ignored threads.)
Right, the tradition has roots at least a few years further back in the hack created by the "poor dialup shell account user" to allow them to get SLIP (and, at some point, CSLIP and PPP) access to the net without needing their own IP assigned by using a shell server they had an account on, with its IP address. First done in TIA, then SLiRP.
That was... 1994 or earlier.
The earliest was, I think, the program "term" in '92 or '93. I had a Netcom shell account (who didn't? :) and was using term with Linux oh about 0.98... Term was the first, TIA and SLiRP followed soon after.
And TIA is essentially NAT, implemented in a manner that would be considered peculiar compared to today's common implementations.
Ummm, that's an understatement. You had to make guesses how transparent your serial terminal link was.... and configure the escape sequences by hand in term's config file. I think I recall TIA and SLiRP improved upon term by figuring out most of that automatically.

---
Quantum Mechanics: the dreams stuff is made of
On Sun, Sep 09, 2001 at 07:00:03PM -0700, Marc Slemko wrote:
Right, the tradition has roots at least a few years further back in the hack created by the "poor dialup shell account user" to allow them to get SLIP (and, at some point, CSLIP and PPP) access to the net without needing their own IP assigned by using a shell server they had an account on, with its IP address. First done in TIA, then SLiRP.
That was... 1994 or earlier.
And TIA is essentially NAT, implemented in a manner that would be considered peculiar compared to today's common implementations.
TIA was pervasive enough, and causing enough *problems*, that many ISPs were banning its use, as of fall, 1994 (I can pin it that accurately due to circumstances that only existed during that period, when I was dealing with it). SLiRP was around by, at latest, mid-1995, in response to it. Linux had functional masquerade code at that time, as well, though it was a royal pain to deal with (IE, nothing has changed much :)

--
***************************************************************************
Joel Baker System Administrator - lightbearer.com
lucifer@lightbearer.com http://www.lightbearer.com/~lucifer
On Sun, 09 Sep 2001 17:42:25 PDT, Adam McKenna <adam-nanog@flounder.net> said:
To tell you the truth, I don't really care what products were shipping NAT first -- the fact still remains that NAT was not some hack created by a small group of people so that the "poor dialup user" could take revenge against the evil ISP that won't give out more than 1 IP for $20/month (as Meyer would have you believe). It is a documented standard, brought about by the IETF as a means of conserving IPv4 space.
1) It wouldn't be the first time the IETF has standardized a hack. Anybody who doesn't think so is invited to read RFC822, section 3.1.4, ponder the example given, and ask why people were surprised that few 822 parsers were non-buggy.

2) It would seem to me that if your ISP is being difficult about giving out more IP addresses, using NAT to take revenge *is* conserving IPv4 space. You're restricting your usage of external addresses - just as an end user you're doing it out of financial considerations, not any grandiose altruistic for-the-benefit-of-the-net reasons.

But then, we all know that altruistic suggestions are (a) off-topic for this list and (b) always create a flame-fest anyhow. ;)

Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
participants (6)
- Adam McKenna
- Joel Baker
- Marc Slemko
- Mike Batchelor
- Valdis.Kletnieks@vt.edu
- woody weaver