Tuesday, November 7, 2017

Downsides of NAT (vs. public IPs) in a higher-ed network?

I work at a higher-ed organization, and our IT group is deciding between deploying NAT (assigning RFC 1918 addresses to end-user devices) or avoiding NAT (assigning public IP addresses to end-user devices).

Many considerations are relatively clear (need sufficient IPv4 space if we want to avoid NAT; need to maintain NAT logs for auditing/security; may need a firewall but that's largely independent of NAT; need to give users a way to open ports / get a public address if they want to run a server in the NAT situation; need to special-case researchers; etc).

One of the things that's been difficult to pin down is the downsides of using NAT. It's clear that things could work well with NAT, given that it is prevalent in the world, but it seems likely there are some downsides too.

So, what are the tangible downsides of being behind a NAT, even if they're not significant? I'm thinking of things like video conferencing that runs slower because it needs to send data via some intermediary server; games that need direct connections between players; peer-to-peer applications; etc. This is an educational + residential campus, so almost every application you could imagine likely runs on this network.

Having a list of concrete examples would help us better weigh the possible downsides of deploying NAT.
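The "need to maintain NAT logs for auditing/security" consideration above is the one that tends to bite operationally: an abuse complaint arrives naming one of your public addresses, and the only way back to the responsible device is the translation log. The following is an added example (not part of the original post, and not any vendor's log format) that parses a constructed session log from a hypothetical NAT gateway, checks that the inside/outside addressing is sane, and answers the "who was behind 203.0.113.10:40001 at 14:01 UTC?" question. It also shows why a report that omits the source port or an exact timestamp can only narrow the answer to several hosts.

```python
"""Map an abuse report (public IP, port, UTC timestamp) back to the internal
host that held that NAT translation at the time.

The log format below is an assumption for this example: one line per
translation start/end, as a hypothetical NAT gateway might emit.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network

# Constructed sample log (documentation/RFC 1918 addresses only).
SAMPLE_NAT_LOG = """\
2017-11-07T14:00:05Z NAT-START tcp 10.20.30.40:51234 -> 203.0.113.10:40001 dst 198.51.100.7:443
2017-11-07T14:00:09Z NAT-START tcp 10.20.30.41:51234 -> 203.0.113.10:40002 dst 198.51.100.7:443
2017-11-07T14:02:00Z NAT-END   tcp 10.20.30.40:51234 -> 203.0.113.10:40001 dst 198.51.100.7:443
2017-11-07T14:02:30Z NAT-START tcp 10.20.30.42:40100 -> 203.0.113.10:40001 dst 198.51.100.9:80
2017-11-07T14:10:00Z NAT-END   tcp 10.20.30.41:51234 -> 203.0.113.10:40002 dst 198.51.100.7:443
2017-11-07T14:15:00Z NAT-END   tcp 10.20.30.42:40100 -> 203.0.113.10:40001 dst 198.51.100.9:80
"""

LINE_RE = re.compile(
    r"^(\S+)\s+NAT-(START|END)\s+(\w+)\s+(\S+):(\d+)\s+->\s+(\S+):(\d+)\s+dst\s+(\S+):(\d+)$"
)

# RFC 1918 ranges spelled out: ipaddress.is_private is broader (it also
# flags documentation space such as 203.0.113.0/24), so do not rely on it here.
RFC1918 = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"), ip_network("192.168.0.0/16")]


def is_rfc1918(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in RFC1918)


def parse_ts(s: str) -> datetime:
    """Timestamps are logged in UTC; keep them timezone-aware for comparisons."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


@dataclass
class Translation:
    proto: str
    internal: tuple[str, int]   # RFC 1918 side
    public: tuple[str, int]     # address/port seen by the outside world
    start: datetime
    end: datetime | None = None  # None = still open at end of log


def parse_nat_log(text: str) -> list[Translation]:
    """Pair NAT-START/NAT-END lines into translation records."""
    open_map: dict[tuple, Translation] = {}
    done: list[Translation] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable NAT log line: {line!r}")
        ts, kind, proto, iip, iport, pip, pport, _dip, _dport = m.groups()
        key = (proto, iip, int(iport), pip, int(pport))
        if kind == "START":
            open_map[key] = Translation(proto, (iip, int(iport)), (pip, int(pport)), parse_ts(ts))
        else:
            rec = open_map.pop(key, None)
            if rec is None:
                raise ValueError(f"NAT-END without matching NAT-START: {line!r}")
            rec.end = parse_ts(ts)
            done.append(rec)
    done.extend(open_map.values())  # translations still open when the log ended
    return done


def addressing_anomalies(translations: list[Translation]) -> list[str]:
    """Flag records whose inside address is not RFC 1918 or whose outside address is."""
    problems = []
    for t in translations:
        if not is_rfc1918(t.internal[0]):
            problems.append(f"internal side not RFC 1918: {t.internal[0]}")
        if is_rfc1918(t.public[0]):
            problems.append(f"public side is RFC 1918: {t.public[0]}")
    return problems


def who_had(translations: list[Translation], public_ip: str, when: datetime,
            public_port: int | None = None) -> list[Translation]:
    """Return every translation of public_ip(:public_port) active at `when`.

    Without a port the answer is usually several hosts, which is why abuse
    reports need the source port and an exact UTC timestamp to be actionable.
    """
    hits = []
    for t in translations:
        if t.public[0] != public_ip:
            continue
        if public_port is not None and t.public[1] != public_port:
            continue
        if t.start <= when and (t.end is None or when <= t.end):
            hits.append(t)
    return hits


if __name__ == "__main__":
    recs = parse_nat_log(SAMPLE_NAT_LOG)
    report_time = parse_ts("2017-11-07T14:01:00Z")
    for t in who_had(recs, "203.0.113.10", report_time, 40001):
        print(f"{t.public} at {report_time:%H:%M}Z was {t.internal}")
    print("without port:", [t.internal for t in who_had(recs, "203.0.113.10", report_time)])
```

Two points the example makes concrete for the retention decision: the same public port is reused by a different host minutes later, so the log must be time-bounded per session rather than a static mapping, and a query without a port returns every host sharing that public address at that instant. Whatever the gateway's real export format is, the parser is the only part that would change.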
