Date: Fri, 27 Sep 2024 01:34:07 -0400
From: Kurt Hackenberg
To: questions@freebsd.org
Subject: Re: Why does dhcpd have a routers (plural) option for a subnet?
List-Archive: https://lists.freebsd.org/archives/freebsd-questions

On Thu, Sep 26, 2024 at 11:04:51AM -0500, Doug McIntyre wrote:
>You have to think back to when this would have been developed.
>
>The model of NAT didn't exist. IP addresses were unique and globally
>routable.
...
>Now, with NAT being prevalent everywhere, you're going to have to go
>through the device that holds your session table to have NAT work
>back. Most firewalls won't let traffic coming in on the "wrong"
>interface from passing through. Thus, we've collapsed everything down
>to requiring the one gateway router/firewall device.
>
>This is one of the problems with NAT that old network people complain about.
>NAT solved the Internet IP address limit problem, but with much
>reduced functionality and resiliency.

Yep. NAT is a temporary kluge, a bridge to the real solution: IPv6.
IPv6 doesn't need NAT, because it has plenty of addresses.

You might be interested in RFC 1958: Architectural Principles of the
Internet[1]. This is fairly short, 5-6 pages.

There's also RFC 4924: Reflections on Internet Transparency[2]. This
is sort of an update, status of the end-to-end principle (when it was
written).

[1]
[2]