[unisog] Public or Private IP addresses?

Dale W. Carder dwcarder at doit.wisc.edu
Fri Oct 14 18:55:58 GMT 2005


On Oct 14, 2005, at 10:39 AM, Stejerean, Cosmin wrote:
> NAT is commonly used to allow multiple computers to share a pool
> of public IP addresses, but this is usually not necessary for
> universities that have a large public IP range. I was wondering
> what other reasons universities in particular have for using NAT
> (dynamic or static). Static NAT will solve the problem of tracking
> machines but does it offer any advantage over using properly  
> firewalled public IP addresses instead?
No.

Any competent address assignment scheme, be it static assignment, MAC
address registration, or good relational databases, can solve the
problem of tracking machines.  Firewalls and other policy enforcement
schemes address the security aspects.  NAT is a choice usually
made because of external and perhaps non-technical factors.

NAT introduces more problems than it solves.  Now you have to worry
about protocols that don't play nice, internal vs external DNS, lack
of end-to-end global connectivity, video conferencing, bizarre apps,
etc.  In addition, you are probably at the mercy of your vendor to
support the features, bandwidth and state tracking that you need.

On our campus, use of NAT is unsupported and effectively banned by
central IT, as we do not see any of the tradeoffs as worthwhile.
(although RFC 1918 space does have its place, and so does air-gap
firewall technology ;^) ).

But hey, I'm biased.

Dale

------------------------------------------------------------------------
Dale W. Carder - Network Engineer   | DoIT Network Services
University of Wisconsin at Madison  | dwcarder at doit.wisc.edu
(608) 263-3628 | 24hr NOC: 263-4188 | http://net.doit.wisc.edu/~dwcarder



