NAT/PAT with private addresses was invented as a workaround for address depletion in the 1990s.
Then people started to use it and found that NAT/PAT was the solution for everything: security, multihoming, address independence from the Service Provider, …
Most people don't realize the huge hidden costs which go with NAT. All new applications must be engineered to bypass and support NAT. If you do a simple search on the IETF site with the keyword NAT and look at the result, you will find more than 77 RFCs about NAT.
NAT denies end-to-end security and is a problem for real security protocols like IPsec, IKE, Kerberos or DNSSEC.
NAT seems to be the solution for everything, while it actually breaks a lot (most) of the network applications and does not permit end-to-end security.
It is like heroin, which was a medicine sold in pharmacies, with or without a prescription from a doctor, for almost everything: to make people sleep, to calm irritation, to kill any pain and more. Nobody could say that heroin was not working, and it was! The problem was that it was also very bad for many things and for health in general. And the people who started to use it could not stop!
NAT immediately provided tons of addresses and allowed IPv4 to live 20 more years.
Then people tested it on problems other than address depletion and "oh my god! It works!!!". So NAT was used for everything, but at the same time it was breaking many applications.
A lot of network applications, if not all of them, need an ALG (Application Layer Gateway) to work with NAT.
And there are some applications which will never work because of NAT! Some of these applications could provide better security, better QoS, more features!
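To make the two breakages above concrete, here is an added example (not part of the original post) using a simplified model: an AH-style integrity check that covers the IP addresses fails once NAT rewrites the source, and an FTP PORT command still advertises the private address unless an ALG rewrites the payload. The key, addresses and packet layout are constructed for illustration and are not a real IPsec implementation.

```python
import hashlib
import hmac
import ipaddress

KEY = b"constructed-demo-key"               # constructed sample key shared by the two endpoints
PORT_CMD = b"PORT 192,168,1,10,19,137\r\n"  # constructed FTP PORT command (address in payload)

def icv(src, dst, payload):
    """AH-style integrity value: the MAC covers the IP addresses as well as the payload."""
    covered = ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed + payload
    return hmac.new(KEY, covered, hashlib.sha256).digest()

def send(src, dst, payload):
    """Sender builds the packet and protects it end to end."""
    return {"src": src, "dst": dst, "payload": payload, "icv": icv(src, dst, payload)}

def nat(pkt, public_src):
    """Plain NAT: rewrites the source address; it has no key and does not parse the payload."""
    return {**pkt, "src": public_src}

def verify(pkt):
    """Receiver recomputes the MAC over what actually arrived."""
    return hmac.compare_digest(pkt["icv"], icv(pkt["src"], pkt["dst"], pkt["payload"]))

def advertised_address(payload):
    """Address the application itself announces inside the FTP PORT command."""
    return ".".join(payload.decode().split()[1].split(",")[:4])

def demo():
    original = send("192.168.1.10", "203.0.113.5", PORT_CMD)
    translated = nat(original, "198.51.100.7")
    inner = advertised_address(translated["payload"])
    return {
        "verifies_without_nat": verify(original),
        "verifies_after_nat": verify(translated),
        "header_source": translated["src"],
        "payload_source": inner,
        "payload_source_is_private": ipaddress.ip_address(inner).is_private,
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The receiver cannot tell the NAT's rewrite apart from tampering in transit, which is why address-covering integrity protection and NAT do not coexist without extra encapsulation.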
NAT gives an opportunity for undetected MITM exploits which could be prevented with end-to-end security.
Once people have started to use NAT/PAT, they cannot imagine any network without it, or how the Internet was before the introduction of NAT/PAT, and they ask for NAT even if it is not needed with 128-bit addresses!
They want NAT even though nobody can deny that NAT creates more issues than it solves! Just look at how many RFCs are published about NAT, how to deal with NAT, how to bypass NAT... just to have some basic functions working, and some applications still cannot deal with NAT.
So in the pros and cons of NAT, the only pro I can find is that it kept the Internet working for years with IPv4, but there is a big con which goes with this pro: without NAT we would not have slept for 20 years before starting something better than IPv4!!! OK, NAT provides address independence, but we should find another solution, like we did with the telephone. Now we can keep the same number when we change operator in France, and we don't have NAT for telephones!
BTW, heroin is no longer a miracle medicine and has been forbidden by law in the USA since 1956 and in France since 1963!