nanog mailing list archives
Re: misunderstanding scale
From: Joe Greco <jgreco () ns sol net>
Date: Mon, 24 Mar 2014 07:31:44 -0500 (CDT)
On Mon, Mar 24, 2014 at 3:00 AM, Karl Auer <kauer () biplane com au> wrote:Addressable is not the same as accessible; routable is not the same as routed.Indeed. However, all successful security is about _defense in depth_. If it is inaccessible, unrouted, unroutable and unaddressable then you have four layers of security. If it is merely inaccessible and unrouted you have two.
Yet there is significant value to providing uniqueness in address space, a property that is incredibly useful. The proponents of this sort of "in depth" "defense" typically view NAT as a way to protect their networks, which it does, in some limited sense, from being addressable from the outside world. The problem is that it has broken one of the key design principles in IPv4, and so we've had to suffer for years under broken NAT regimes and workarounds and other folly. This is overall a bad thing for the Internet, and for the development of future protocols and applications. Time to give up two layers of meaningless security for the riches offered by the vastness of the new address space. If this job were easy, anyone could do it. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.
Current thread:
- Re: misunderstanding scale, (continued)
- Re: misunderstanding scale William Herrin (Mar 24)
- Re: misunderstanding scale Joe Greco (Mar 24)
- Re: misunderstanding scale William Herrin (Mar 24)
- Re: misunderstanding scale Lee Howard (Mar 24)
- Re: misunderstanding scale William Herrin (Mar 24)
- Re: misunderstanding scale Lee Howard (Mar 25)
- Re: misunderstanding scale Timothy Morizot (Mar 24)
- Re: misunderstanding scale Timothy Morizot (Mar 24)
- Re: misunderstanding scale Joe Greco (Mar 24)
- Re: misunderstanding scale Michael Thomas (Mar 24)
- Re: misunderstanding scale Joe Greco (Mar 24)
- Re: misunderstanding scale William Herrin (Mar 24)
- Re: misunderstanding scale Joe Greco (Mar 24)
- Re: misunderstanding scale Valdis . Kletnieks (Mar 24)
- Re: misunderstanding scale Michael Thomas (Mar 24)
- Re: misunderstanding scale William Herrin (Mar 24)
- RE: misunderstanding scale Eric Wieling (Mar 24)
- RE: misunderstanding scale Naslund, Steve (Mar 24)
- Re: misunderstanding scale Owen DeLong (Mar 24)
- Re: misunderstanding scale Timothy Morizot (Mar 24)
- Re: misunderstanding scale Mark Tinka (Mar 24)