NATmakes a networik a host -- must every process have an IP address?

Graham,


Monday, December 2, 2002, 9:54:54 AM, you wrote:
Graham> More generally, NATted systems only really "work" when they make only
Graham> outgoing connections.  (Yes, you can define a "pass-through", but that's a 
Graham> horrible hack, and only lets you have one receiving endpoint.)


I'm not fond of the problems that NATs incur, but I think that we are
tending to argue "purity" from a false premise.

As others have noted, NATs do more than deal with an address space
problem. They permit a degree of plug-and-play that has otherwise not
been possible.  Note that a NAT can be a DHCP client as well as
provider, thereby making the entire customer site plug and play.

But to comment on the Subject line of this note:

A host consumes a single address and provides access to a collection
of processes.  Clients and servers.

A NAT does the same thing.  In terms of "inconvenience" such as for
providing servers, the problem with NATs is administering address/port
assignments, rather than there being a core problem with the idea of a
NAT.


Graham> Where this all leads, I think, is that the worst thing about NAT is that it 
Graham> hinders the deployment of new applications.

How is this different from having "protected" ports below 1000 on
Unix?

d/
-- 
 Dave Crocker  <mailto:dcrocker@brandenburg.com>
 TribalWise <http://www.tribalwise.com>
 t +1.408.246.8253; f +1.408.850.1850

Received on Thursday, 5 December 2002 18:08:31 UTC