
Comment Re:"IPv4 loyalists" (Score 1) 639

NAT makes a fundamental change to the internet as a whole. End-to-end connectivity is no longer guaranteed. The fixes to existing protocols to get around this are very ugly. FTP is an amazing example of this. To support FTP in active mode, NAT boxes have to edit the PORT command the clients send. The problem being that this changes the length of the TCP packet it's in, and necessitates munging all the sequence numbers from there on out. Very ugly. FTP in passive mode breaks load balancing.

Not that I think FTP is a great thing to keep around, but it's an example of what goes wrong with NAT. Why do you think there's a theoretical problem with including network information in a protocol at a higher layer? A stateful firewall may have to be aware of that sort of information (to pick up on related connections that should be allowed), but it doesn't have to actually change the data. It would be much cleaner to have IPv6 and stateful firewalling.

NAT also creates endless headaches when it becomes common enough that you're trying to connect two computers that are both behind separate NAT boxes.
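The PORT rewrite and sequence-number bookkeeping described in the comment above, as an added Python sketch that is not part of the original comment and not any real NAT implementation. The names `rewrite_port` and `FtpNatFlow` are hypothetical, the addresses are constructed, and 32-bit wrap-around is ignored when comparing sequence numbers.

```python
import re

# FTP active mode: "PORT h1,h2,h3,h4,p1,p2\r\n", data port = p1*256 + p2
PORT_RE = re.compile(rb"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r\n$")
MOD = 2**32  # TCP sequence numbers are 32 bits wide


def rewrite_port(payload, public_ip, public_port):
    """Replace the client's private address/port with the NAT's public ones."""
    if not PORT_RE.match(payload):
        return payload  # not a PORT command: pass through untouched
    host = public_ip.replace(".", ",")
    return f"PORT {host},{public_port >> 8},{public_port & 0xFF}\r\n".encode()


class FtpNatFlow:
    """State a NAT must keep per control connection once it resizes a segment."""

    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.edits = []  # (client seq where the shift starts, cumulative delta)

    def _delta_at(self, seq):
        delta = 0
        for start, d in self.edits:
            if seq >= start:
                delta = d
        return delta

    def outbound(self, seq, payload, public_port):
        """Client -> server: rewrite payload, shift seq by earlier size changes."""
        new_payload = rewrite_port(payload, self.public_ip, public_port)
        base = self._delta_at(seq)
        end = seq + len(payload)
        change = len(new_payload) - len(payload)
        if change and all(start != end for start, _ in self.edits):
            self.edits.append((end, base + change))  # skipped on retransmission
        return (seq + base) % MOD, new_payload

    def inbound_ack(self, ack):
        """Server -> client: map the server's ACK back to the client's numbering."""
        for start, d in reversed(self.edits):
            if ack - d >= start:
                return (ack - d) % MOD
        return ack
```

A stateful firewall that only reads the PORT command to permit the related data connection needs none of the `edits` state, since it never changes the segment length.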
