Aleluia
And then, at the end of the tunnel, a light tries to fight against the dark long corridor…
Jabber Architecture: IETF recognizes that NATs exist: "There was a healthy discussion from some saying that the IETF shouldn't enable "those people". The counter argument is that they're going to do it anyway, so we may as well tell them how to do it safely. The turning point in the meeting was when someone at the front asked who in the room was using private address space. About 95% of the people raised their hand. At that point, it was really difficult for people to argue with a straight face that only evil or stupid people had NATs."
Well, it’s about time.
I’m sure someone will point me to some site/url/lava pit for saying this, but I really do like NAT. With the exception of the office in Lisbon, all the other 3 or 4 places I usually work from are behind some sort of Apple or Linksys wireless router doing NAT (more precisely NAPT), and this has become my preferred connection to the Net.
The thing that I like the most is that I don’t have to worry too much about having a very strict personal firewall policy (I trust the persons at the office more than the average Internet person), and that allows me to have a richer local-net experience (becoming much more important in a world of Rendezvous^H^H^H^H^H^H^H^H^H^HOpenTalk).
The problems I have with NAPT are a direct consequence of the IETF’s “NAT is evil” mantra. The lack of specs makes certain simple things almost impossible: VoIP and IM file transfer are the first two that come to mind.
Side-note: I’m still impressed how “just-works-level” Apple has made iChat voice and video-conferencing, even with NAPT on both sides.
But back to NAPT and what I miss: I really would like to see a spec/protocol from IETF that would allow me to write applications that are NAT/NAPT-aware (the second one more important than the first).
The things that I see as most important are:
- Am I running behind NAT/NAPT? An application must have a way to discover if it is being NAT/NAPT-ed;
- My application must have a way of telling the NAT box that it is expecting an incoming TCP or UDP connection. The NAT box must give back the specific IP address and port number that the remote side must use. Optionally, the request could include the origin IP and port number of such an incoming request;
- All of the above must work for two or more levels of NAT.
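To make the three wishes concrete, here is a small in-memory model (added to this page as an illustration; it is not code from the original post and not an IETF protocol as published, though the first half is the same idea that the later STUN spec calls a reflexive address). It simulates NAPT boxes as address-rewriting tables, runs a binding request through one or two levels of them, and then checks whether a packet sent to the address the server reported actually reaches the private host. Assumptions: the NAT boxes allocate the same external port regardless of where the packet is going (the friendly case; a box that allocates per destination would defeat this), and the names Napt, binding_request, behind_nat and deliver_inbound are mine.

```python
"""Simulated NAPT chain with a STUN-style binding exchange (added example).

Models: (1) "am I behind NAT?" by comparing the local address with the
address a reflexive server observes, (2) "what must the remote side use?"
by returning that observed address, (3) two levels of NAPT by chaining boxes.
Assumption: each box maps a private (ip, port) to one external port no
matter the destination, so the reflexive address is reusable by a third party.
"""
from dataclasses import dataclass, field
from typing import Optional

Addr = tuple  # (ip, port)


@dataclass
class Napt:
    """A minimal NAPT box: rewrites (private_ip, port) to (public_ip, ext_port)."""
    public_ip: str
    next_port: int = 40000
    _out: dict = field(default_factory=dict)  # inside (ip, port) -> external port
    _in: dict = field(default_factory=dict)   # external port -> inside (ip, port)

    def outbound(self, src: Addr) -> Addr:
        """Rewrite a packet leaving the private side; allocate a binding on first use."""
        if src not in self._out:
            port = self.next_port
            self.next_port += 1
            self._out[src] = port
            self._in[port] = src
        return (self.public_ip, self._out[src])

    def inbound(self, dst: Addr) -> Optional[Addr]:
        """Rewrite a packet arriving on the public side; None if no binding exists
        (this is the unsolicited-incoming-connection case the wishlist is about)."""
        if dst[0] != self.public_ip:
            return None
        return self._in.get(dst[1])


def binding_request(local: Addr, nats: list) -> Addr:
    """Client -> reflexive server. The request crosses each NAPT, innermost
    first; the server replies with the source address it observed."""
    src = local
    for nat in nats:
        src = nat.outbound(src)
    return src  # the mapped address the remote side must use


def behind_nat(local: Addr, nats: list) -> bool:
    """Wish 1: we are NAT-ed iff the reflexive address differs from our own."""
    return binding_request(local, nats) != local


def deliver_inbound(dst: Addr, nats: list) -> Optional[Addr]:
    """Remote -> client. A packet to the mapped address is un-translated by each
    NAPT from the outermost inward. Returns the private address reached, or None
    if some box has no binding for it."""
    for nat in reversed(nats):
        dst = nat.inbound(dst)
        if dst is None:
            return None
    return dst


if __name__ == "__main__":
    # Constructed topology: home router behind a carrier NAT (two levels).
    home = Napt(public_ip="10.0.0.5")        # private on its outside too
    carrier = Napt(public_ip="203.0.113.7")  # documentation address, constructed
    me = ("192.168.1.20", 5060)

    print("behind NAT with no boxes:", behind_nat(me, []))
    print("cold inbound before any binding:",
          deliver_inbound(("203.0.113.7", 40000), [home, carrier]))
    mapped = binding_request(me, [home, carrier])
    print("remote side must use:", mapped)
    print("inbound to that address reaches:", deliver_inbound(mapped, [home, carrier]))
```

The second print is the interesting one: until something has gone out, a packet aimed at the public address goes nowhere, which is exactly why an application needs a way to ask the box for a mapping up front instead of hoping one exists. With two boxes the address the server reports is the outer one, and the reply path unwinds both tables in reverse, so the same check covers the "two or more levels" case.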
Must check IETF to see if the WG is already created.