Podcast: The Rise of NAT

When Ned Bellavance asked me to be a guest on the Chaos Lever podcast talking about NAT, I replied, “and why do you hate me so much?”

However, it turned out one can have a fun conversation about a controversial topic. For more details, listen to The Rise of NAT on Chaos Lever. I hope you’ll enjoy it ;)

2 comments:

  1. Multicast is heavily used in group communication, at least for some vendors' implementations of APCO25 and Tetra. It's Public Safety business.

  2. Hi Ivan. Thank you for that very interesting podcast (and also for your blog). You said (26:40) that "people knew that [client globally end-to-end reachable is] plain stupid and a security risk" because clients only need to connect to servers, and you also mocked zealous IP partisans advocating for end-to-end connectivity back then. I understand that you are voluntarily being provocative :-) From my young millennial point of view (31 y.o.), the logic is reversed: it is because of NATs and firewalls that the internet became SO asymmetrical (client/server) just like the minitel was designed (yes I am French), whereas the internet (and later the web, although a client/server protocol, was meant for everyone to be a client and a server) was designed to be more balanced. You mentioned that only video-conferencing and bittorrent use client-to-client connectivity (and they are indeed the main use cases), but hell do they need to engineer complex systems to circumvent these NATs and firewalls: STUN, TURN, ICE, DHT, etc.! In short, the difficulty to do client-to-client connectivity is (one of) the (main) reason(s) why it does not happen that much. I am the close witness of a CGNAT (so a NAT behind a NAT basically...) yet-to-come implementation and that is an engineering nightmare, a SPOF, and making everything else so much more complex than one client = one IP address. It truly is a HUGE step back on simple design. So in my opinion, NATs and firewalls heavily hinged client-to-client connectivity and are the reason why the (mass market) internet is so unbalanced (and you could argue that this allowed the cloud to happen, then state surveillance, etc. but that's yet another topic). On the security aspect, it is a complex topic: of course if you made all today's IP-connected devices and made them globally reachable it would be a botnet nightmare, but that would be a dishonest comparison.
The good question is: what if NAT never existed and most devices had indeed been globally reachable? Who can tell how things would have turned out in that case? Reducing security to network filtering sounds a bit outdated nowadays. I would love to read your opinion on my personal wanderings. Cheers.
