What really breaks the "end-to-end nature of the Internet"

IPv6 was supposed to eliminate NAT (Network Address Translation). But in order to make the transition from IPv4 reasonable and less painful, it's being added to IPv6. It's intended use in being inclu...
Published Jul 25, 2008
Version 1.0
internet
ip
ipv4
ipv6
Networking
proxies
us
Lori_MacVittie's avatar
Lori_MacVittie
Icon for Employee rankEmployee
Jul 27, 2008
@Comrade Smack

 

 

NAT was not designed as a security measure, but it has morphed into one over the years.

 

 

NAT actually minimizes the number of IP addys that need to be managed at the edge on egress assuming that the administrator is properly managing NAT pools and keeping the pools to the minimum size necessary. A well architected network can make use of NAT functionality to further segregate traffic in order to apply appropriate security policies both on egress and ingress.

 

 

I don't know any of any reputable organization that does not employ a firewall. NAT isn't used in place of security, it by nature adds another layer of security on egress.