[NTLUG:Discuss] Re: NAT question (2)

Bryan J. Smith b.j.smith at ieee.org
Fri Sep 17 00:29:36 CDT 2004


On Fri, 2004-09-17 at 01:21, Bryan J. Smith wrote:
> 1-to-many NAT is an extremely poor substitute for internal routing
> protocols -- and the issues scale linearly with the size of the network.

That should read "the issues scale _exponentially_" with the size of the
network.

You plug in a NAT device, layer 2 switch or other layer 2/translation
device on a small network, not a big deal.  You do the same at Disney,
just plug in a SOHO device at a workstation, and you could cause a
storm that brings down portions of your building, or possibly keep traffic
between buildings in the Orlando region from reaching one another.

Just from 1 device.

There is a reason for internal, layer 3 routing.  It insulates other
parts of the network from layer 2 storms on other portions.  1-to-many
NAT (NAT+PAT) devices do not or, worse yet, they can introduce them to
those systems on the "untrusted" side of the device.


-- 
Bryan J. Smith                                  b.j.smith at ieee.org 
------------------------------------------------------------------ 
"Communities don't have rights. Only individuals in the community
 have rights. ... That idea of community rights is firmly rooted
 in the 'Communist Manifesto.'" -- Michael Badnarik
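
An added toy model, not part of the post above, illustrating the point about layer 2 versus layer 3 boundaries: switches (and any box that bridges two segments at layer 2) flood a broadcast frame out every port except the one it arrived on, while a router terminates the broadcast domain. With a redundant layer 2 path and no spanning tree, the frame circulates indefinitely (a storm) and every host on that side of the router sees it again and again; hosts behind the router see nothing. Node names, the topology and the frame budget are constructed for the example.

```python
"""
Toy model of layer-2 broadcast flooding.  Constructed example, not real
networking code: it ignores MAC learning, STP, and timing, and only tracks
how many copies of one broadcast frame each host receives.
"""
from collections import deque

HOST, SWITCH, ROUTER = "host", "switch", "router"


class Network:
    def __init__(self):
        self.kind = {}    # node name -> HOST / SWITCH / ROUTER
        self.links = []   # list of (a, b); the list index is the link id

    def add(self, name, kind):
        self.kind[name] = kind
        return self

    def link(self, a, b):
        self.links.append((a, b))
        return self

    def ports(self, node):
        """Yield (link_id, peer) for every link attached to node."""
        for lid, (a, b) in enumerate(self.links):
            if a == node:
                yield lid, b
            elif b == node:
                yield lid, a


def broadcast(net, origin, budget=10_000):
    """Flood one broadcast frame sent by origin.

    Returns (frames_received_per_host, storm).  storm is True when the frame
    was still circulating after `budget` forwarding events, which in this model
    only happens when there is a layer-2 loop (no spanning tree to block it).
    """
    received = {n: 0 for n, k in net.kind.items() if k == HOST}
    queue = deque((peer, lid) for lid, peer in net.ports(origin))
    processed = 0
    while queue:
        if processed >= budget:
            return received, True          # still flooding: broadcast storm
        node, ingress = queue.popleft()
        processed += 1
        kind = net.kind[node]
        if kind == HOST:
            received[node] += 1
        elif kind == SWITCH:
            # Layer-2 flooding: every port except the ingress port.
            for lid, peer in net.ports(node):
                if lid != ingress:
                    queue.append((peer, lid))
        # ROUTER: a layer-2 broadcast stops here; nothing is forwarded.
    return received, False


def build(loop):
    """Two switches on one side of a router, one switch on the other.
    With loop=True a second link between sw1 and sw2 is added, standing in
    for a SOHO box (or a stray cable) bridging two ports of the same segment."""
    net = (Network()
           .add("pc-a", HOST).add("pc-b", HOST)
           .add("sw1", SWITCH).add("sw2", SWITCH)
           .add("rtr", ROUTER)
           .add("sw3", SWITCH).add("pc-c", HOST))
    net.link("pc-a", "sw1").link("sw1", "sw2").link("sw2", "pc-b")
    net.link("sw2", "rtr").link("rtr", "sw3").link("sw3", "pc-c")
    if loop:
        net.link("sw1", "sw2")   # redundant layer-2 path, no STP
    return net


if __name__ == "__main__":
    for loop in (False, True):
        rec, storm = broadcast(build(loop), "pc-a", budget=500)
        print(f"loop={loop}: storm={storm} frames per host={rec}")
```

Running it, the loop-free topology delivers exactly one copy to pc-b and none to pc-c; with the redundant link the budget is exhausted (storm) and pc-b is hammered while pc-c, behind the router, still receives nothing. That is the insulation the post attributes to layer 3 routing, and the reason a layer 2 device plugged into a large flat segment can affect far more than its own desk.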
