On 15-Feb-2007, at 19:05, Jonathan Woolley wrote:
"[Vendor] charges [country] $[lots] to enable NAT on the great firewall. They decide to go with iptables instead"
Ah, but they'd need more than one NAT -- RFC1918 + numbers allocated already isn't enough space (or if it is now, it will run out before too long). They'd need layers of NAT, in the grand tradition of enterprise networking, which would have the consequence of breaking much edge-to- edge communication within the giant campus, and turning the domestic Internet into a vehicle whose primary utility is interaction with services hosted in other countries. That doesn't sound like a likely ambition for [country] to me (even given that [vendor H] is under the effective control of [country], and hence that cost of deployment is unlikely to be a great problem).
=)
It's an interesting problem, though. If you ran an enterprise with 23 million employees, and an ever increasing number of them needed a permanent connection to the Internet, what would you do? On that scale, and given a certain amount of centralised control of content and infrastructure, what looks more expensive? NAT or IPv6? Joe