nanog mailing list archives

Re: The End-To-End Internet (was Re: Blocking MX query)

From: TJ <trejrco () gmail com>
Date: Fri, 7 Sep 2012 13:45:50 -0400

On Tue, Sep 4, 2012 at 3:45 PM, William Herrin <bill () herrin us> wrote:

On Tue, Sep 4, 2012 at 2:22 PM, Jay Ashworth <jra () baylink com> wrote:

It is regularly alleged, on this mailing list, that NAT is bad *because

it

violates the end-to-end principle of the Internet*, where each host is a
full-fledged host, able to connect to any other host to perform

transactions.

That's what firewalls *are for* Jay. They intentionally break
end-to-end for communications classified by the network owner as
undesirable. Whether a particular firewall employs NAT or not is
largely beside the point here. Either way, the firewall is *supposed*
to break some of the end to end communication paths.


Exactly - talking about a *(subtle?)* difference here.
1) Breaking the E2E model because your security policy (effectively)
dictates it.  For the record, this is fine as it is your decision for your
network.
2) Being forced to break that model by deficiencies in the underlying
protocol/address-family.  This is, shall we say, sub-optimal.

/TJ

Current thread:

Re: The End-To-End Internet (was Re: Blocking MX query), (continued)
- - - Re: The End-To-End Internet (was Re: Blocking MX query) John Levine (Sep 05)
    - Re: The End-To-End Internet (was Re: Blocking MX query) valdis . kletnieks (Sep 05)
    - Re: The End-To-End Internet (was Re: Blocking MX query) Sean Harlow (Sep 05)
    - Re: The End-To-End Internet (was Re: Blocking MX query) Jimmy Hess (Sep 05)
    - Re: The End-To-End Internet (was Re: Blocking MX query) John Levine (Sep 06)
- Re: The End-To-End Internet (was Re: Blocking MX query) Jay Ashworth (Sep 04)
  - Re: The End-To-End Internet (was Re: Blocking MX query) Sean Harlow (Sep 04)
  - Re: The End-To-End Internet (was Re: Blocking MX query) William Herrin (Sep 04)
    - Re: The End-To-End Internet (was Re: Blocking MX query) Jay Ashworth (Sep 04)
    - Re: The End-To-End Internet (was Re: Blocking MX query) Izaac (Sep 05)
    - Re: The End-To-End Internet (was Re: Blocking MX query) TJ (Sep 07)
  - Re: The End-To-End Internet (was Re: Blocking MX query) David Miller (Sep 04)
    - Re: The End-To-End Internet (was Re: Blocking MX query) Michael Thomas (Sep 04)
  - Re: The End-To-End Internet (was Re: Blocking MX query) Jimmy Hess (Sep 05)
    - Re: The End-To-End Internet (was Re: Blocking MX query) Masataka Ohta (Sep 05)
    - Re: The End-To-End Internet (was Re: Blocking MX query) valdis . kletnieks (Sep 05)
    - Re: The End-To-End Internet (was Re: Blocking MX query) Masataka Ohta (Sep 05)
    - Re: The End-To-End Internet (was Re: Blocking MX query) Owen DeLong (Sep 05)
    - Re: The End-To-End Internet (was Re: Blocking MX query) Cameron Byrne (Sep 05)
    - Re: The End-To-End Internet (was Re: Blocking MX query) Masataka Ohta (Sep 05)
    - Re: The End-To-End Internet (was Re: Blocking MX query) Oliver (Sep 06)

(Thread continues...)