Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.mel.connect.com.au!news.mira.net.au!news.vbc.net!alpha.sky.net!news.sprintlink.net!news-chi-13.sprintlink.net!news.sprintlink.net!news-chi-8.sprintlink.net!tank.news.pipex.net!pipex!news.be.innet.net!INbe.net!news.nl.innet.net!INnl.net!hunter.premier.net!news.uoregon.edu!news.emf.net!overload.lbl.gov!agate!howland.erols.net!cam-news-hub1.bbnplanet.com!uunet!in2.uu.net!news.artisoft.com!usenet
From: Terry Lambert <terry@lambert.org>
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: IP Masqerading?
Date: Tue, 20 Aug 1996 11:35:58 -0700
Organization: Me
Lines: 115
Message-ID: <321A058E.7209A8FD@lambert.org>
References: <jfortes-1307951117380001@10.0.2.15> <32151AD0.699795F7@lambert.org> <4v8tcr$8ei@Mercury.mcs.com> <3218B774.3D2754EF@lambert.org> <4vb8r8$lc1@Mercury.mcs.com>
NNTP-Posting-Host: hecate.artisoft.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Mozilla 2.01 (X11; I; Linux 1.1.76 i486)

Leslie Mikesell wrote:
] In article <3218B774.3D2754EF@lambert.org>,
] >
] >] How many places using NAT would be comfortable with a
] >] non-firewalled internet connection if they understood
] >] the implications.
] >
] >How many ISP's who charge for multiple addresses would allow
] >inbound connections from NAT hosts?
] >
] >It's a silly question to ask. We both know that the market
] >niche for NAT exists because of an arbitrary economic distinction
] >by ISP's in the first place, and making other arbitrary
] >distinctions does not somehow ennoble the niche.
]
] But the economics aren't arbitrary - it takes considerably more
] effort to obtain/assign/delegate networks of addresses than
] single addresses.

Sounds like a one-time charge, not a per-month charge, to me.

] Suppose you were doing the work at both ends to connect a
] bunch of remote offices to a hub site and you know that
] (a) all they need at the remotes is email and web browsing
] and (b) you are fairly likely to change ISP's at the hub
] site and have to renumber everything soon. Would
] you waste the effort to put in full routing?

Yes. The work on the ISP side should be nothing more than making
a single Sybase (or similar) database entry, if the ISP is competent
at all. Like the phone company, the person you call to have your
phone "installed" need only modify data tables to activate your
phone line. The same is true of routes. An ISP who plans on doing
this sort of deal more than once would have the task automated.

] These days it is fairly hard to get enough addresses to
] connect everything let alone put in the subnetting you
] want for security/traffic management.

The inability to get/not-get address assignments is an ISP lock-in
issue. As is the fact that many ISPs purposely structure their
domain acquisition such that they own the domain instead of their
customers. At a minimum, they can charge a fee to release the
domain SOA to another ISP; at maximum, they can lock you into their
services if you want to keep the domain.

] It seems rather wasteful not to nat things that are behind
] firewalls and generally unreachable anyway.

It may be useful, if the site is large enough, to implement block
translation using NAT. This is *very* different than the typical
usage to which NAT is applied (to subvert billing practices).

Using block translation, each machine has a unique internal (usually
non-routed) network address, and a unique external address
corresponding to the internal address and translated based on IP
block assignment through the ISP. This would allow changing ISP's
at will.

Clearly, ISP's have in the past fought against anything that would
commoditize their services. Just as clearly, they will continue to
do so until their market reaches saturation.

I have no sympathy for the ISP who wants to artificially inflate the
value of their services. Domain hosting fees in Arizona and Utah
range from $15/month up to $640/month for those suckers too stupid
to comparison shop (I also have no sympathy for the suckers; there
must be some economic selection mechanism against stupidity, now
that our society is in the process of removing all natural checks
and balances on the trait).

There is no real shortage of address space; the recent reorgs and
class D breakups of ranges have seen to that. IPV6 will be in wide
use before it becomes an issue again. I believe that the issues are
purely economic, and the result of a controlled economy (seller's
marketplace) at that.

] >] If tcp were elegant, NAT would be too - or there would be no
] >] need for it.
] >
] >Well, that goes without saying, doesn't it?
]
] Actually I think 'slirp' is pretty elegant, but it only works
] where you control the inbound side of a dial-up link. What
] we need is your 'router-tunnel' connected to the equivalent of
] a slirp nat/proxy possibly over an encrypted channel like
] ssh uses.

Yes, this would resolve the problem. So would replacing that SLIrP
with a socks client (my actual suggestion for the tunnel); it's now
a matter of no incentive toward "better" now that we have "good
enough" in most people's minds. That, more than anything else,
causes misused NAT to offend me.

					Terry Lambert
					terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.
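
The block translation described in the post above, sketched as an added example that is not part of the original post: a stateless 1:1 mapping that keeps the host bits and swaps the network prefix, so changing ISP means changing one external block. The class name `BlockNat` and the address blocks (RFC 1918 and documentation ranges) are assumptions chosen for illustration.

```python
import ipaddress


class BlockNat:
    """Stateless 1:1 block translation: host bits kept, network prefix swapped."""

    def __init__(self, internal, external):
        self.internal = ipaddress.ip_network(internal)
        self.set_external(external)

    def set_external(self, external):
        """Renumber: map the unchanged internal block onto a new ISP block."""
        ext = ipaddress.ip_network(external)
        if (ext.version != self.internal.version
                or ext.prefixlen != self.internal.prefixlen):
            raise ValueError("blocks must be the same size for a 1:1 mapping")
        self.external = ext

    @staticmethod
    def _swap(addr, src, dst):
        ip = ipaddress.ip_address(addr)
        if ip not in src:
            # Unlike many-to-one masquerading, nothing outside the block maps.
            raise ValueError(f"{ip} is outside {src}")
        host_bits = int(ip) & int(src.hostmask)
        return str(dst.network_address + host_bits)

    def outbound(self, internal_addr):
        """Rewrite a source address leaving the site."""
        return self._swap(internal_addr, self.internal, self.external)

    def inbound(self, external_addr):
        """Rewrite a destination address arriving from outside."""
        return self._swap(external_addr, self.external, self.internal)


def demo():
    # Constructed sample blocks: internal 10.1.0.0/24, first ISP 192.0.2.0/24.
    nat = BlockNat("10.1.0.0/24", "192.0.2.0/24")
    before = nat.outbound("10.1.0.37")
    back = nat.inbound(before)
    # Change ISP: only the external block changes, hosts keep their addresses.
    nat.set_external("198.51.100.0/24")
    after = nat.outbound("10.1.0.37")
    return before, back, after


if __name__ == "__main__":
    print(demo())
```

Because every internal host has its own external address, inbound connections reach it unless a separate packet filter says otherwise; the translation itself provides no filtering.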