THE UNTOLD STORY: How the PIX Firewall and NAT Saved the Internet

  • Published on 26 Sep 2024

Comments • 856

  • @ThinkleTink 1 year ago +460

    Color me impressed. This channel is silently teaching you basic networking skills whilst telling a story and keeping it interesting.

    • @oericsantosf1 1 year ago +1

      It's true, silently teaching. Very clever.

    • @zeniththetoaster9712 1 year ago +10

      I took a networking class and this covered the hardest unit in the span of one video in a fairly understandable way.

    • @AndrewAlex92 1 year ago +7

      This is the best way to learn imo. Don't just learn the concepts. Learn the "why" behind the problem. The engineering of it. Then learn the science - the deeper concepts.

  • @flanadu 1 year ago +118

    I remember before NAT firewalls really caught on in the mid/late 90's, people just connected their computer straight to the internet via a modem. You could scan whole blocks of public subnets for open port 139 and just straight connect to //i.p.address/c$ without a password. It was the wild west. Also there were alternatives to the PIX firewall in the form of Linux distributions.

    • @lucasrem 10 months ago

      Guess so, able to hear on the US Robotics what it was doing, able to understand what it did.
      If intruders, shut it down?
      The virus scan could find infected files!

    • @djosearth3618 8 months ago +3

      ya the whole internet was basically a samba jungle when you got into it ;]

    • @callmebigpapa 5 months ago +6

      I tell young people I work with about this and life before XP SP3 and they don't believe me ..... they say no way that's not possible :)

    • @yellowcrescent 20 days ago

      The fun thing to do back then was to use WinPopup to send people modal popup dialogs on Windows 95/98 machines. Fun times.

    • @jfbeam 4 days ago

      It didn't last long. ISPs (the good ones) started blocking those ports at the RAS, and border of the network.

  • @dji386 1 year ago +175

    Showing a Firepower firewall as a "better" and "More Advanced" device was a bold choice. All joking aside, this is an excellent and very informative video. Thank you!

    • @neomatrix3612 1 year ago +18

      I've worked many years on most vendor firewalls. I always loved ASAs, solid product. Firepower is the biggest piece of garbage I have ever worked on. It's a failed product.

    • @SApcGUY 1 year ago +5

      @neomatrix3612 almost as bad as a Palo Alto firewall

    • @Sneezus420 1 year ago +4

      @neomatrix3612 My first experience with firewalls was using Cisco ASAs. I thought they were kinda janky, and then I worked with Firepower firewalls.... What a terrible product lmao.

    • @fumped 11 months ago

      How far they have fallen. The fact that their latest series of Secure firewall, the successor to Firepower, is still booting ASA code as default instead of FTD is quite telling.

    • @SeanPennII 4 months ago

      Nah man, they're great. Ask me how I know @SApcGUY

  • @louwrentius 1 year ago +178

    In the early 2000s I worked for a small security firm and we bought a Cisco PIX as our network firewall, later replaced with an ASA. I never knew the history of this device. Thank you 🌷 really cool you got to talk to the people who invented NAT/PIX

    • @Not_interestEd- 1 year ago +6

      One thought that I've always enjoyed thinking about when it comes to early 90's machines is what would people then think if I took a modern day Threadripper + 4090 machine and just used it to run an entire company.
      How many virtual machines could I theoretically run on a 64 core system.....

    • @lucasrem 10 months ago

      1990 was US Robotics only, BBS internet.
      Cisco was the revolution!

  • @BobFrTube 1 year ago +166

    Thanks for providing more of the back story of the NAT. I first discovered NATs in late 1994 when I was commuting to Microsoft (Boston Redmond) and used a NAT to allow all the home devices on my home network to share a single connection to the Internet. My vision was to have every home interconnected as a peer with the rest of the Internet. That idea goes back to the 1970s when I first learned about the 32-bit IP address and realized it was not enough for the connected future that was obvious then. It also means you can have stable addresses within the home separate from those outside.
    I then worked to make sure that all Windows machines were ready for home networking by putting IP (with DHCP) and NATs in every Windows machine. It turned out that an external box worked better, but those NATs are still there, and you can use them for the hotspot feature. Using the NAT as a firewall was an unfortunate kludge necessitated because Windows apps at the time were not prepared to face the world. My plan was to turn NATs into (encrypted) V6 routers and remove the firewall so all devices could be full participants. The goal was to enable connectivity without installers or professional network management. I wrote about this in rmf.vc/IEEEHomeNAT and have come to realize that V6 doesn't solve the problem of providing long-term table peer relationships because it is still in the access framing (nor does the DNS /rmf.vc/ForeverURLS). The idea of accessing the Internet is a misunderstanding, but that's a whole topic in its own right.
    As an FYI, much of my thinking about this goes back to my experience in class in the Spring of 1973 when we studied radio packet networks (ALOHANet) and in which Bob Metcalfe did Ethernet as his class project.

    • @levieux1137 1 year ago +14

      In fact by stubbornly trying to solve the end-to-end connectivity, IPv6 made it much more complicated to have a working network at home, because one thing NAT did that was unexpected was to make equipment stackable: you can insert a firewall or wifi gateway behind your ISP's box and it magically works thanks to NAT that provides distinct and independent networks. With IPv6 it's a nightmare, you have to configure multiple layers as you configure routers for a datacenter, manually adding routes. And since most ISPs only provide a /64 (single network), you're screwed and have to play with proxy NDP and hard-coded addresses on devices. I.e. you can almost never provide autoconfigured IPv6 for your visitors. Sure there are private addresses, but browsers refuse to use them if an IPv4 is also available, for fear of lack of connectivity. All of this is a major failure and IPv6 at home remains dead by design (IETF and ISPs hand-in-hand).

    • @timeimp 1 year ago +13

      *The* Bob Metcalfe was in the same class as you, working on a "class project" that was Ethernet? That's so cool to hear!

    • @jroysdon 1 year ago +1

      @levieux1137 Sure would be nice if ISPs followed the RFCs and issued /48s to those who want them.

    • @TopSmoka 11 months ago

      at the tiny cost of making the system non resilient which was the entire intended purpose. just so so tech bro could make some billions. FUCK anyone using the internet for profit!

    • @RobShinn 10 months ago +2

      @timeimp @BobFrTube (assuming that's his real account) is a living legend himself. He is the inventor of the electronic spreadsheet.

  • @Peter_S_ 1 year ago +75

    Excellent video. I hit pause and froze for about two minutes when you said duck pond and the image went to the Palo Alto Duck Pond. It was on the drive to there in 1981 that as a pre-teen I figured out how to use SIN and COS functions with an additional SIN to graph out a 3D perspective view of a drop making ripples in the surface of a pond. Back in those days the overwhelming majority of the people on the Internet were in the San Francisco Bay Area. In the mid 1980s a friend of a friend at NASA Ames was having an argument with someone in Australia on IRC and he got so mad that he ended up unplugging the cable that literally connected Australia to the Internet. 😂

    • @ayanaalemayehu2998 1 year ago +2

      Wouldn't that cable be very hard to access even then?

    • @Peter_S_ 1 year ago +17

      @ayanaalemayehu2998 Look up early maps of the Internet and you'll see how humble the beginnings were. It was an experiment. The single link connecting Australia was just a cable plugged into a router which sat in the next cubicle. Once you were on the base, (NAS Moffett Field, now Onizuka Air Force Station) everyone was cleared and everyone had an ID badge on, including visitors (I've been badged). There was plenty of REAL security stuff there; nobody cared about security for an unclassified experiment.

    • @ayanaalemayehu2998 1 year ago +3

      @Peter_S_ gotcha that’s hilarious lol

    • @Peter_S_ 1 year ago +10

      @ayanaalemayehu2998 I laugh now just thinking about it. That sort of time will never come again. Going back one more step to the start of ARPANET, one of the first 10 ARPANET nodes was in a pizza parlor close to SRI. That wouldn't fly these days.

    • @PopeCromwell 1 year ago

      @ayanaalemayehu2998 Speak to any Aussie about the quality of their connection, they'd believe that one cable is still all they have today.

  • @martinvandenbroek2532 1 year ago +333

    The unintended effect of NAT and firewall devices has been that the focus of ICT security landed on the shoulders of network engineers whereas it ought to have landed on the shoulders of systems and application engineers. It also slowed down the adoption of IPv6. Nevertheless a great piece of engineering of course. 😊

    • @falconeagle3655 1 year ago +20

      PBX was not a great invention. So is NAT. Eventually one-to-one connection wins. This is a bad concept in every way possible. Great tech which is built on a bad solution of a problem.

    • @kreuner11 1 year ago +100

      @falconeagle3655 you're wrong, there is no reason my printer should have a global IP, nor an accountant be callable from anywhere in the world

    • @PsRohrbaugh 1 year ago +67

      @kreuner11 This! Between consumer ISPs trying to charge more based on number of devices, vulnerability of poorly made IoT appliances, and simply the "opsec" from outsiders knowing the size and design of your local network - I'm strongly against global addresses for local devices in 99% of circumstances.

    • @David_Groves 1 year ago +56

      Strong disagree with this position. You can have globally routable addresses AND a stateful firewall. This gives you the best of both worlds. Your devices are by default uncontactable from the rest of the world, but if you require end to end connectivity, you can have it. Whereas NAT by design makes it impossible.
      NAT is a great hack, but it is one we should wean our way off.

    • @wpyoga 1 year ago +7

      I mean, if it slowed down the adoption of the Second System that IPv6 is, then it's a good thing.

  • @MrMegaManFan 1 year ago +67

    As someone who still remembers when the internet was just email, Usenet News, file transfer and Gopher, thank you for documenting and sharing this crucial innovation for networking. It's humbling when you think how just a few individuals with bright ideas saved our whole system from imminent collapse.

    • @lucasrem 10 months ago

      @MrMegaManFan
      BBS was very popular, guess he forgot what we are doing in 1989.
      Through the BBS service you could connect to the internet, WOW!
      NASA was there too!

  • @datacntrdude 1 year ago +34

    It's Cisco Live this week, and this would make an amazing presentation for the newer generation of network engineers. You should submit this as a talk. Incredibly well done! Also, as a NetApp veteran, thanks for the hat tip mention there!

    • @lucasrem 10 months ago

      Trumpet win socket too, US Robotics, BBS services connecting us!

  • @singletona082 1 year ago +223

    It's interesting how shockingly forward thinking they were. In the nineties 'hey we're gonna run out of address space at some point we should, uh, get on finding a fix before that becomes a problem.'
    In other sectors you'd get:
    'how many addresses do we have right now?'
    'Four billion but-'
    'we'll never use up all that address space. stop wasting my time.'

    • @vylbird8014 1 year ago +50

      "Ok, I came up with this network translation improvisation. It's ugly and breaks a lot of protocols, but it'll buy us some time to fix it properly."
      "Meh, fixing it properly is hard and expensive."

    • @singletona082 1 year ago +24

      @vylbird8014 ....Which is the problem we're in right now....

    • @dbsirius 1 year ago +10

      This is why infinitely scalable standards are a better thought process

    • @chouseification 1 year ago +22

      @dbsirius impossible when each byte was precious back in the early days. Something you can say out loud these days - if you had made the same suggestion even in ~1990 you'd be laughed right out of the room. Really and truly.

    • @acuteaura 1 year ago +7

      "but also, we can only hand them out in bundles of 2^8, 2^16 and 2^24 - and we gave the US DOD like 7 of the last already"

  • @WilliamHaisch 1 year ago +81

    Thank you for documenting history like these advances in networking. Jason Scott has said that most of the people he interviewed for the BBS documentary have now passed away. If these stories are not preserved, they fade and the past becomes inaccessible to the future; an unfortunate casualty of time. Thanks again! 😊

  • @tstahlfsu 1 year ago +26

    This was great! The number of PIX and ASA devices I've worked on over the years is staggering.

    • @KaldekBoch 1 year ago +2

      I seem to recall many of my customers struggling with ASA when it was introduced. I have memories of fixing buggerised configs.

    • @Melds 1 year ago +2

      @KaldekBoch Yeah, the ASA flipped a lot of concepts from the PIX so it was easy to carry in old knowledge that didn't work the same.

    • @nickwallette6201 1 year ago +3

      It is terrifying that I _still_ run into ASAs, regularly, and particularly with site-to-site VPN applications. ASAs are *long* past their expiration date.

  • @adamzan7 1 year ago +8

    Never thought I would see Trumpet Winsock ever again, that brings back memories.

    • @James_Knott 1 year ago

      Microsoft was slow to the Internet, which is one area OS/2 was ahead of Windows. Billy wanted people to use his Microsoft network instead.

  • @netapp 1 year ago +6

    13:20 It's a FAServer! I know this!
    Thanks for the shout-out. Great video!

    • @theserialport 1 year ago +4

      hey we'd love to have a FAServer too!

    • @netapp 1 year ago

      I've asked our Discord for some help unearthing one. Let's see what happens.

  • @freckhard 1 year ago +7

    These men & women are the non-well-known heroes of our current information age and many of them are still alive, this is so fantastic, thanks for interviewing them!

  • @halo122398 1 year ago +30

    Please do more network history videos! All retro tech videos are usually systems and rarely networking and I'm endlessly curious how everything came to be as a Network engineer myself

  • @ketatgenhorst 1 year ago +5

    I worked from about 2001 to 2016 using various Pix devices, including 501, 506, 515E and the Cisco ASA line. I never knew this history though, what a fun video!

  • @DigitalDiabloUK 1 year ago +5

    I never realised how relatively recently NAT was invented. What a great video 👍

  • @RachaelSA 1 year ago +29

    I started doing NAT on Linux in late 1995, I had no idea NAT was only a year old by then.

  • @msys3367 1 year ago +39

    Putting a home or office behind NAT isn’t much of an issue, but CG-NAT is a crime against the concept of Internet/broadband.

    • @nisserot 1 year ago

      I was behind CG-NAT for a while. It was utterly disgusting. Especially since I host my own web and mail server at home.
      Luckily I managed to convince my ISP to assign me a public IP address. Sadly the majority of people are not network literate enough to understand why CG-NAT is a problem, nor do they care. As long as they can get on YouTube, Facebook, Instagram and Netflix, they don't give a flying f--k about the underlying network infrastructure.

    • @kaleidoscope_records_ 1 year ago +21

      CG-NAT is an absolute dumpster fire. It should be illegal for ISPs to sell CG-NAT service while calling it "the internet"

    • @RoddyDev 1 year ago +3

      @kaleidoscope_records_ worse than that is deploying CGNAT without IPv6...

    • @thecaptain5344 1 year ago

      I actually think CG-NAT is a good thing, in a roundabout way. The more people use a worse NAT technology, the more push there will be for IPv6, which IS superior.

    • @kaleidoscope_records_ 1 year ago +3

      @thecaptain5344 except for 100% increase in IP header overhead (from 20 to 40 bytes), and a 50% increase in total packet length. Hmm.. what about that other part where it can't talk to ipv4, and you can't score ip address space for abuse and spam because of near unlimited address space, and humans have a hard time remembering ipv6 address... there are more but these are among the many reasons to not ipv6

  • @projectartichoke 1 year ago +7

    What a great video! A truly fascinating history behind something we all use every day but mostly take for granted.

  • @jonweinraub 1 year ago +4

    As someone that grew up with dialup pre web found this history so interesting. I knew about PIX and NAT but had no idea where it came from, especially prior to Cisco. Thank you for this very informative video.

    • @JimDean002 1 year ago

      I agree. I'm old enough that I remember CompuServe and CB chat being a thing. I've got enough computer background to know a lot of what they're talking about but I didn't know the history behind it or the people involved. On something like this it's so fascinating to see the inside stories of the people working 20 hour days because they had something they believed in and wanted to get it out there for the world.

  • @MegaManNeo 1 year ago +5

    I find these early "Internet" stories more interesting than what we have today, honestly.
    Very fascinating story to listen to.

    • @jeremywj 1 year ago +1

      Everything about the early days of the internet, to me, is fascinating. To how it came to be, what people thought about it, how people used it, etc. For example, just connecting to the internet was something special in the 90s. I love having my "always-on" fiber internet today, but it does lack that special feeling of connecting to the internet I got in the 90's.

  • @Guitargasm 1 year ago +11

    An awesome and uplifting story. Thank you! It's great to know this amazing story.
    Now wishing I'd kept my PIX 501 from years ago.

  • @NautilusMortanian 1 year ago +451

    As cool as the technology itself is, I really do wish NAT didn't happen. It broke connectivity for at least years, and IPv6 was around for the entire time. Broken SIP, broken STUN, broken FTP, and even today Uno on Steam *still* doesn't work properly over NAT. To this day ISPs keep putting more bandaids on to keep IPv4 around, and have even monetized addresses resulting in virtual hosting being commonplace (sharing domains on one public IP). NAT would've happened, in some capacity, probably, but introducing it set IPv6 back for decades.

    • @edrose5045 1 year ago +93

      Add multicast to that list. Imagine how much less bandwidth live TV streaming would use if multicast worked! Unfortunately, due to NAT, those streams have to be duplicated to every client

    • @kaleidoscope_records_ 1 year ago +76

      I'm sure we will NOT be celebrating the creator of cg-NAT, which cripples the internet into something beyond recognition. It's a real shame that ISPs are allowed to sell us this Horse Sh*t while falsely calling it "the internet".

    • @karserasl 1 year ago

      It was a necessary evil. But really, we should have moved by now.
      IPv6 to every device globally and manage the access through firewall. We have the technology people.

    • @michaelrobinson2650 1 year ago +37

      @edrose5045 I don't think NAT is the only thing preventing multicasting live video.
      You can't pause a multicast stream. Multicasting is UDP so very late or missing packets will cause a loss of picture because there is no retransmission.
      The key to reducing bandwidth of video on demand is building a CDN that gets as close as possible to the customer. This works for live video too, so there isn't much reason to build a separate multicast system.

    • @athompso99 1 year ago +21

      You absolutely can pause a multicast stream - most set top boxes simply buffer the stream locally as long as they can.

  • @johncraig2623 1 year ago +3

    Got a PIX when first got a DSL line way back when. I never knew how revolutionary that device was. Very fun to know more about its history.

  • @ZeCatable 1 year ago +2

    Great video format with this last video, in particular focusing on the evolution of the idea and its propagation and generalization to now ubiquity! Please keep them coming!

  • @Stealth86651 1 year ago +7

    Love your videos, thank you so much for the effort/content, it's really appreciated.

  • @Co_dD 1 year ago +2

    What a wonderful video with impressive interviews. Good work. I hope that Paul Francis gets an award for being a clever pariah.

  • @nicholas_scott 1 year ago +6

    Great history! I went to university in 1990 and they had internet. Apart from telnet, ftp, usenet, we used it for online gaming, like MUDs, and chats, like IRC and Relay, and X-Win for remote windows. For search engines, we had "Archie" and "Veronica". Not exactly the stoneage. And we had "Gopher" which came out before the "World Wide Web". It was similar, except every page had strict formatting. Once the WWW came out, it was better for sure. Really the main difference back then was it was mostly schools and gov on the internet. It wasn't until AOL decided to add a portal to the internet around 95 that it really exploded, and then suddenly everyone wanted in.

  • @davidhingst7063 1 year ago +2

    Great video! Blast from the past. My first PIX was the first model Cisco released. NAT and the firewall were very important as some of my systems were hacked. The danger of having everything with a publicly routable IP address! Good times!

  • @ambushell5778 1 year ago +2

    excellent video. very interesting to learn about early internet history like this, especially with the interviews. this channel is going to blow up!

  • @brandonhunter3036 1 year ago +1

    What an awesome mini-documentary! Thanks so much for putting it together and looking forward to more!

  • @BeardedGeezer 1 year ago +46

    I worked for the Colorado company eSoft, which released a NAT firewall in 1995 called the IPAD, short for Internet Protocol Adapter. In addition to NAT and DHCP, it also had POP3, SMTP, HTTP, and FTP servers. Like the PIX, it had a proprietary OS written in C and used off-the-shelf X86 hardware. A few small ISPs are using IPADs today.

    • @cdwilliams1 1 year ago +1

      Was this the same esoft that sold tbbs's back in the day? I ran one of those!

    • @kaleidoscope_records_ 1 year ago +1

      TBBS was the Sh*t!

    • @lucasrem 10 months ago

      @kaleidoscope_records_ BBS was a thing back in 1989, why he forgot that, that was how we started!

  • @georgegrubbs2966 1 year ago +1

    I lived and worked through this era and worked directly with TCP/IP. This is a great story of what was going on to solve this impending crisis. The best channel.

  • @andmicbro1 1 year ago +8

    Thanks for highlighting the people who made the internet work! I think many technology entrepreneurs get overlooked by a few popular figures who, while their products have greatly shaped the face of technology, ignore the fact there were so many more who go thankless except among the technology nerds. For every one Steve Jobs and Bill Gates, there's a dozen more computer greats who deserve more credit. Ken Thompson, Dennis Ritchie, Tim Berners-Lee, Linus Torvalds, Richard Stallman, and many many others are names the average person on the street wouldn't be able to name or say what their contribution was. So I love reading and seeing videos about the unsung heroes, the people whose inventions make the modern world work, and without them you wouldn't be able to even use the creations of Steve Jobs and Bill Gates.

  • @billwall267 1 year ago +2

    great documentary with primary source interviews. thanks "the serial port" and thanks youtube algo for recommending me this.

  • @ianneill9188 1 year ago +7

    Superbly informative video. My whole networking career has known NAT. I am sitting here almost stunned that there was a time before NAT. But of course there was such a time and, thankfully, there were also Engineers with the vision and ability to invent NAT!

    • @chouseification 1 year ago +2

      oh it was a wild time - you had to allocate a class C - i.e. a /24 network to even an ISDN customer. Once the Watchguard firewall came along, a ton of businesses shifted over - I ran the rwhoisd for a pretty decent sized regional ISP, and we had to demonstrate that we were moving customers from /24 networks to /28 to /30 depending on their actual needs before we could get the new /17 we requested from ARIN.
      Also, despite what the video says, CIDR is normally pronounced like Cedar the tree... not like cider the drink. At least to those of us who were actually using the term when it was new and much more meaningful

  • @diewinnipegdie 1 year ago +1

    Great channel. As usual, the best way to wrap your head around a concept as bizarre as NAT, is to learn the history of how/why it came to exist in the first place.

  • @themetadaemon 1 year ago +5

    The first firewall I recommended and setup was a 515e with warm standby. Rock solid. Kept it far too long (10 years). I compare any firewall I setup to those old PIXs, and many modern ones still fall short.

    • @nickwallette6201 1 year ago +3

      That was the first commercial firewall I worked on, too. IIRC, we had a 515 and a 50....3? Something like that. I remember discovering that it was basically just a commodity PC, and went hunting in our parts stash to try and find a spare Intel Gb NIC rather than paying for the official Cisco part. I found one and it did work. Kinda... The PIX wasn't happy about it, and something didn't work quite right (VLANs or something?) but otherwise, it moved packets.

  • @mewintle 8 months ago

    It’s amazing to learn the behind the scenes of all the amazing things I lived through that I previously had no context for. Thank you.

  • @BloodyIron 1 year ago

    YouTube has been recommending this video to me for I think a few WEEKS now. The length of the video kept making me be like... "ehhh later". But now that I've watched it. SO GLAD I DID. And honestly so glad that YouTube Algo beat me over the head with this video so many times. It's kind of unreal how actually good the YouTube Algo is, at least in my opinion.
    Thanks for this video! Super neat! :D

  • @alexanders88 1 year ago +1

    This is such an interesting video. Great background about a network technologies(s) we (now) take for granted! Thank you for producing such a great video!

  • @echambers1112 1 month ago

    Love the story telling and the interviews with the people who built the foundation of our modern infrastructure. Very interesting to see the difference between the academic/policy thinker and the problem solver/commercial thinker. It always takes both.

  • @davids8345 1 year ago +3

    Awesome story, I remember installing a HA pair of PIX's at my Uni's CompSci department (where I was sysadmin), that must have been 1998 or 1999... That was really my first foray into enterprise networking - so some fond memories there... Thanks for this video :)

  • @win9k 1 year ago +1

    what an awesome video! instant subscribe. i'm on the internet since 1995 and this hits all my sweet spots.... lol ,well played! :)

  • @david_sanchez 1 year ago +8

    I’ve been using “the internet” since the 80s. In the late 80s I was primarily only concerned with connecting to BBS sources. I was only a kid so I didn’t have any “professional” interests in the internet at the time but I was extremely interested in learning about it.
    I remember reading about IP address exhaustion and started to hear things about NAT. I lived in Redwood City at the time so it didn’t take long for information to make its way to me. No, we couldn’t do Google searches back then. We had to actually talk to people. Like anyone who had any level of foresight at that time, I envisioned how the concept of personal computing was going to change things. So I dropped out of high school and started my path to my “IT” career (a term that didn’t exist back then).
    After working in various computer related fields (mostly doing dial up and DSL tech support) I eventually landed a job as an engineer at the first cable broadband internet service provider in the US, “@Home”, in Redwood City. Eventually @Home and Excite.com (the #2 search engine at the time, behind Yahoo) merged and gave me access to their datacenters. It was then that I had seen the true impact of how NAT truly helped the internet become what it was.
    Buildings upon buildings full of servers and network appliances, all running on IP networks. I can’t imagine the management nightmare that would be, especially when talking about Layer 3 and 4 security, if NAT didn’t exist. Not to mention all of the workstations for all of the users employed at the company.
    It was very interesting to see that evolution happen. I learned so much while being a part of that era. I sometimes miss it (I don’t do that type of work anymore) but I know that there’s bound to be something innovative come down the pipeline again and I hope to be around to see it.

    • @Red-Viper-Red
      @Red-Viper-Red 1 year ago +1

      Hell yeah I ran a wildcat bbs in late 80s I was 9 hahaha. Was awesome till my sister used the phone and kicked me off the modem

    • @andmicbro1
      @andmicbro1 1 year ago +1

      The most interesting thing to me as a new sysadmin, is the push toward cloud and virtualization. More and more companies and services are pushing to the cloud, to the point on premises is becoming a less popular option. I mean I think it's not going anywhere, but in the next couple of decades I wouldn't be surprised if most services are entirely cloud based. Giant server farms will replace the server in the back room of every mom and pop shop everywhere.
      And virtualization is also fascinating. I haven't seen as much of this yet, but virtualized firewalls, NICs, and everything else is wild to me. Coupled with cloud technology someday we might see a plain box just managing the local connection to some server somewhere that has everything stored off site. Your firewalls and switches, and servers, and backups, and everything completely virtualized.
      Obviously, I think some on-premises will always exist, some people want to control their data, or have on site needs to make it necessary. But man, we could see a lot shift toward everything existing as a VM on some server farm on the other side of the country.

  • @MrSunDevil23
    @MrSunDevil23 1 year ago +1

    I used a Cisco PIX 515 to get my CISSP. I still have it (not in use but on a shelf) and is one of my most prized possessions. Good video!!

  • @dankierson
    @dankierson 1 year ago +3

    Great vid.
    Amazing how these early pioneers made such a difference to the web's survival. We should all be glad they cared. Even if only because it was for purely business reasons 😊

  • @HansCombee
    @HansCombee 1 year ago +3

    Great story! I started with a Pix 520 in active/standby configuration around the 2000's. Great box, just before they were replaced I remember repairing one with a standard PC power supply.

    • @Milkmans_Son
      @Milkmans_Son 1 year ago +1

      Did failover on a pix actually work back then?

    • @HansCombee
      @HansCombee 1 year ago +1

      @Milk Manson yes it did but it required a special cable between both units. If I remember correctly with a 15 pin D connector on both ends.

  • @Locutus
    @Locutus 1 year ago +2

    Wow! Such a great and informative video! You obviously put a lot of thought and effort into making this video.

  • @Ben79k
    @Ben79k 1 year ago +2

    This was a fantastic documentary, informational and entertaining at the same time!

  • @tonydotnottingham
    @tonydotnottingham 1 year ago +1

    Thanks for putting together such a well structured video, especially with the interviews!

  • @oldmanmonza7780
    @oldmanmonza7780 1 year ago

    I am so happy that I have found this channel. Having started back in the early 80's BBS days with my Atari, knowing that this history is being saved so those who come after know what we did to get here. Subscribed!

  • @dineauxjones
    @dineauxjones 1 year ago +10

    Earlier in my IT career I've managed PIX and ASA devices. I used a smaller ASA in my home network for a bit. Never knew it was an acquisition by Cisco and it was the first NAT device. It's pretty neat how NTI followed NetApp's business model in making a purpose built appliance.

  • @jroysdon
    @jroysdon 1 year ago +3

    I installed dozens of Cisco PIX and many dozens (in the hundreds?) of Cisco ASAs. Huge part of my IT history. Way back in the day (2000?) there was even a CCNP Firewall cert that was basically just the CCNP plus one more Firewall cert. I didn't even study for the test, I just went and sat for it and passed with flying colors.

  • @mikosoft
    @mikosoft 1 year ago +8

    I started with networking while in university in the 2000s and got my first job in 2007. PIX firewalls were already considered obsolete at that time and ASAs were where it was at. I never knew how pioneering the device actually was, it seemed clunky to use to me (as it used a different command line than IOS) and I didn't like it. So you just made me appreciate the device I once disliked.

  • @nicknorthcutt7680
    @nicknorthcutt7680 1 year ago +13

    My dad worked as a Project Manager at Cisco Systems for 15 years, I remember when he retired because all of their jobs were being sent overseas. This was around 2005 I believe. I miss the days when I'd get to go to work with him as a kid. Those were good times...

  • @Dehumanizer77
    @Dehumanizer77 1 year ago

    Wow this brought me a lot of nostalgia from the 90s, thank you! :-) It was fun back then...

  • @martinrobert7651
    @martinrobert7651 1 year ago

    Sooo cool to see where Cisco ASA/FPR comes from! I work with these kinds of devices every day! (And not only Cisco.) I truly appreciate the video!

  • @JeremySiedzik
    @JeremySiedzik 1 year ago

    Man, thank you! I installed about 300 of these when building IPSEC tunnels for the ANX in the early 2000's. Great memories!

  • @dudemetoo2053
    @dudemetoo2053 1 month ago

    Wow.. I was working for Cisco back in the late 90’s. I was a young guy, specialized in WAN to WAN to LAN connections. It was all new to me and I loved it. Never knew how NAT was started.

  • @snapsetup
    @snapsetup 1 year ago +2

    As an IT consultant who started in the late 90's, I deployed many of these and supported and configured many more.

  • @cameronsteel6147
    @cameronsteel6147 1 year ago +59

    It's almost annoying how well NAT works, because if it was any worse we wouldn't be more than 20 years into the existence of IPv6 and only at ~40% adoption. It's a very clever hack that was necessary at the time, and it has some uses that are more justifiable than others, but it was a mistake to ease up on IPv6 rollout when NAT is just a bandaid solution.

    • @thomasbonse
      @thomasbonse 1 year ago +26

      Nothing is as permanent as a temporary solution.

    • @benargee
      @benargee 1 year ago +6

      To be honest, unless you have public servers, you don't need a public IP for each device in your home. Point to point is more critical for commercial interests and in data centers that's typically how it works where every device has a public IP. IPv4 is simple and its allocation should be utilized for that. IPv6 should be less transparent and handle the growing scale of the internet. The two should work together.

    • @cameronsteel6147
      @cameronsteel6147 1 year ago +12

      @@benargee my point is that IPv4 with NAT isn’t as simple as IPv6. In Australia, many ISPs have started rolling out CG-NAT due to v4 address exhaustion and it’s caused no end of issues with multiplayer gaming, working from home, and any other situation where UPNP/PCP is expected to work.

    • @0x1EGEN
      @0x1EGEN 1 year ago +9

      @@benargee IPv4 is a mess compared to IPv6. So many hacks built on top of it. With IPv6 you don't need subnet masks, DHCP, NAT, DDNS, etc.

    • @ukyoize
      @ukyoize 1 year ago +9

      @@benargee Everyone should have a public server. NAT is separation into nobles and serfs.

  • @keyplayermark
    @keyplayermark 1 year ago +6

    Cool, I worked on ARPA after being in the Army as a contractor. Went to work after with the University of California in the early 90's. Worked with the Cisco AGS routers on up to current. Back when they had a phone book for people and their emails. Loved the time I had working with the systems and remember the NAT solution. Met some of these very influential people during my journey with CENIC and the University system. Ahh the days of Novell, Thicknet, IBM networks, stupid drivers for everything.. etc. LOL oh those were the days!

    • @James_Knott
      @James_Knott 1 year ago +1

      Back when I was a computer tech, we had Thicknet connecting some VAX 11/780 computers. I also hand wired some Ethernet controllers on prototyping boards for Data General Eclipse computers. Several years later, I was at IBM Canada, where we had IPv4 & SNA on token ring. I also got my Novell CNA along the way and more recently Cisco CCNA.

    • @lucasrem
      @lucasrem 10 months ago

      @@James_Knott That is Office systems, not computing.
      You never needed to code for it, basically just a typewriter

    • @James_Knott
      @James_Knott 10 months ago

      @@lucasrem Office systems? What are you talking about? The VAX and Eclipse computers were full computers. The VAX had a 32 bit CPU and was a favourite in schools and labs. The Eclipse was a 16 bit computer and was also popular in labs & industry. At that time I was a tech in a telecommunications company and both those systems, among others, were used for message switching. We had several customers we provided switching for and some of them, Air Canada comes to mind, were all over the world. This was in the days before the Internet became popular.

  • @JohnScherer
    @JohnScherer 1 year ago +1

    Thanks for doing this video! I got to work a bit with John Mayes while I was at Spectrum Holobyte, where he installed a PIX sometime in early to mid 1993. Good times to be in IT.

    • @rubiksai
      @rubiksai 1 year ago +1

      Gupta

    • @JohnScherer
      @JohnScherer 1 year ago

      @@rubiksai say what? Do I know you? I’d like to forget that chapter of my life ;-)

  • @LogicalNiko
    @LogicalNiko 1 year ago +6

    One of the healthcare technology companies I worked for actually had machines with the NTI logos on the front. Surprisingly they were only fully retired in 2017. (Yep they were only like 15 years past EOL…and yep there were still NT 4.0 boxes too)
    Back in the day the fun thing would be that you would walk into companies that just made up ip addresses (usually in the low end class A’s or using repeat numbers like 111). They would come in and hook up a network connection and randomly wipe people off the internet (in many cases government agencies who had low class A octet numbers). There wasn’t really any protection against customers asking their network provider to route any random ip space to them… they were supposed to do some checks but few bothered doing it all the time.

  • @countbowl
    @countbowl 1 year ago

    Fantastic video, great story telling and teaching

  • @jonbikaku6133
    @jonbikaku6133 1 year ago

    What a beautiful and enlightening documentary. The information, the interviews, the production and knowledge. Love it!!

  • @arch1107
    @arch1107 1 year ago +1

    Incredible to know how things were done in the beginning, things like this explain why Cisco is so important in so many fields, now all of us can enjoy the fruits of their efforts

  • @robertkerr4199
    @robertkerr4199 1 year ago

    This was way more interesting than I expected, and I expected it to be interesting. Great work.

  • @James_Knott
    @James_Knott 1 year ago +7

    First off, the 32 bit address space was never intended to be public. IPv4 was just supposed to be for concept demonstration and the final version was supposed to have a much larger address space. However, it "escaped". This according to Vint Cerf, one of the creators of IP.
    Second, originally there weren't address classes, the entire address space was what was eventually called class A. See RFC 760 for details. It provided for 8 bit network addresses and 24 bit host addresses.
    NAT has become a curse on the Internet in that it breaks things and also there are many people who are stuck behind carrier grade NAT and so don't even get a single public address. This makes it impossible for them to directly access their network. Also, NAT does not provide any security that a properly configured firewall can't provide.
    Re "mini" computers. Many years ago, I was a computer tech, servicing among other computers, the DEC VAX 11/780, which was bigger than those IBM systems.
    My first Internet connection was in 1994, IIRC. It was so long ago that I had a SLIP connection, as PPP wasn't yet commonplace. This meant I had a static address, as SLIP didn't support automatic address assignment. I have been running IPv6 on my home network for 13 years, initially via a 6in4 tunnel, but for over 7 years with native IPv6 from my ISP. I also have IPv6 on my cell phone.
    Also, in the late 90s, I was at IBM Canada, providing 3rd level OS/2 support. Back then I had 5 static public IPv4 addresses, 1 for my own computer and 4 for testing in my work. Back then DHCP was just starting to be used. I also had 5 SNA addresses there. This was on a token ring network.

  • @slinky1284
    @slinky1284 1 year ago

    Thank you for all your hardwork and time spent on this.

  • @iamthearmul
    @iamthearmul 1 year ago +7

    What! I never thought that NAT was something that was invented as a cure to a problem as late as 1995. I always thought it had been a product of a standardizing body of some sort from early networking times.
    Thanks for making these videos.

    • @knightcrusader
      @knightcrusader 1 year ago +3

      Oh yeah, NAT was late to the game. It was Classful Routing before, as they mentioned. Super wasteful.

  • @SamKatakouzinos
    @SamKatakouzinos 1 year ago +1

    I'm into computers and networking and this was a very well enjoyed story. Thank you so much.

  • @1djbecker
    @1djbecker 1 year ago +1

    Thanks for making this video. I was working on Linux networking stack from late 1992 and didn't know some of this history.

  • @justinparrtech
    @justinparrtech 1 year ago +3

    Great video! I installed dozens of PIX firewalls in the late 90's and early 2000's. The 515E was an "enhanced" version of the 515, and indeed the 515E was the last model. However, both the PIX and the 3000-series VPN concentrator (another Cisco acquisition whose name escapes me) were more or less combined to become the ASA (Adaptive Security Appliance), which was the successor to both products. The ASA 5505 more or less replaced the 515E, while the 5520 more or less replaced the larger PIX 520. With PIX at the heart of the ASA, it lived on for well into the next decade. At least, that's my recollection :-)

    • @itstheterranaut
      @itstheterranaut 1 year ago

      'Compatible Systems' was the name you were after, I think.

    • @djdawso
      @djdawso 1 year ago +2

      @@itstheterranaut It was actually "Altiga". I still have copies of the vendor specific SNMP MIB files for it.

    • @itstheterranaut
      @itstheterranaut 1 year ago

      @@djdawso Ah, thanks!

  • @JamesBos
    @JamesBos 1 year ago +1

    I really enjoyed this! I have no idea how you ended up in my recommends (well, I do, I’m a nerd) but this was really well done! Would love to see more of these long form doco’s on the history of the internet.

  • @misterSproduction
    @misterSproduction 1 year ago

    great video, true pride at 20:27, made me shiver a bit. on the shown graph I'd love an addition start end of release

  • @archingelus
    @archingelus 1 year ago

    This is the different kind of documentary i would love to see, thank you 👍🏼👍🏼👍🏼

  • @dnddl9976
    @dnddl9976 1 year ago +1

    Wonderful presentation, amazing interview
    This is the kind of video that I gladly want to watch on TH-cam
    Also, I really love the fact that you really interviewed the legendary person himself
    One unfortunate thing is that my pitiful English skill cannot deliver how grateful I am.
    Please keep up the good work :)

  • @PowderMill
    @PowderMill 1 month ago

    THANK YOU !!
    Fantastic insight for the younger generations…
    Where would we be today if NAT / DHCP / PIX / ETC had not been conceived of and implemented back in those “early days”?
    Hardly anyone involved with internet and telecommunications today, regardless of their age, seems to recall the early days of this field. While the power and phenomenal capabilities of the internet were there, it most certainly was not “user friendly”. Without the contributions of a few forward thinking and brilliant men, it would still be relegated to the educational & military realm.

  • @hobbitreal
    @hobbitreal 9 months ago

    This is true history of the modern world and the engineers and all the teams who were there creating it, who started everything. Pure gold.

  • @adrianisworking
    @adrianisworking 1 year ago

    This video is a piece of art. Keep doing them. Learning things while studying history and being kept entertained.

  • @davesradiorepairs6344
    @davesradiorepairs6344 1 year ago +1

    I started in the network industry in the late 80s onwards, and got to see all of these transformative changes.
    Nonetheless, there are details here I didn't know about... Thanks...

  • @OfficialNewrecycle
    @OfficialNewrecycle 1 year ago

    great job on the video, the beep at 8:44 scared me so bad. i was looking for what made the noise around my house for long time 😅

  • @ricsip
    @ricsip 1 year ago +4

    Factual mistake: NAT was never supposed to be a security feature. I can imagine it was originally a selling point for PIX to picture NAT as a security feature. However, network & security people in 2023 will all agree that it's simply not true. But because this misleading quote is so deeply circulating even among tech people, it will take ages until it dies out. Similar to other non-true "axioms" like the "internet routing was architected that redundant way to survive nuclear attack" which was also debunked by many.

    • @James_Knott
      @James_Knott 1 year ago +1

      Actually, it is true, more or less. With routing protocols, such as BGP or OSPF, a failed router is routed around.

    • @Milkmans_Son
      @Milkmans_Son 1 year ago +1

      You should be a lot less confident than you are.

  • @merevial
    @merevial 1 year ago

    This was insanely interesting and in-depth about a device/topic we take for granted today.

  • @JB2X-Z
    @JB2X-Z 1 year ago +3

    Thank you for this fantastic history lesson!

  • @Book_Bird
    @Book_Bird 1 month ago

    Really fantastic mini-doc. Learned a lot. Thank you! (And subscribed!)

  • @XenoTravis
    @XenoTravis 11 months ago +1

    Man I am jealous of that time. It seemed like more opportunities to do something huge. Now it is hard to find an idea that isn't already done or it is incredibly complicated.

  • @NonyaDamnbusiness
    @NonyaDamnbusiness 1 year ago

    In 1995 I invaded Bosnia as part of RFCT 1AD to stop the war there, marking and clearing active minefields as we went in.
    In 1996 while still on deployment we began running BNC cables, t-connectors, and terminators and wiring up the first ever "deployed" WAN network the DOD had ever done. I was running my normal [REDACTED] missions during the day and working on the network at night. Since I had experience with networks as a teen growing up in a small rural town in [REDACTED], I was "volunteered" to assist our commo guys with it. I thought it was neat and threw everything I had into it, usually only getting about 4 hours of sleep a night for an entire year.
    Without fail there was always one soldier that would unplug a terminator and crash the entire network causing us to have to walk every single run and look at every single t-connector.
    And what was handling all the traffic for that collection of separate network messes scattered throughout the entire country? A single PIX with a pre-configured offline "spare" as an emergency backup.
    The whole thing was beautifully ugly but in typical Army fashion it actually worked and it worked well. We could start sending and receiving more documents over the network and rely less on a daily courier convoy that did nothing but shuttle paperwork between the various camps and FOBs.
    Altavista was the most-visited website back then, we were always using that search engine.
    That convoy would roll out HQs gate at 6am at full throttle and visit every single U.S. installation in the entire country, never letting up until they rolled back in the HQs gate around 6pm that night. Very dangerous work.
    I know. I drove a stripped-down humvee that was part of it for many months. The burnout was real.
    Later I would deploy to Kosovo, Iraq, and Afghanistan and pretty much do the same thing but with the latest networking tech while still doing my regular day job of hunting bad guys.
    I'm one of the few still left alive on the planet that deployed to 4 different wars under 3 different Presidents, stringing up networks along the way.

  • @bassman87
    @bassman87 1 year ago +2

    arguably NAT and the PIX slowed the adoption of ipv6 as implementing NAT was way more cost effective than re-IPing every device.

  • @travelingmaniac
    @travelingmaniac 1 year ago +1

    Brilliant ! Extremely well done and informative!

  • @Sovereignty420
    @Sovereignty420 1 year ago

    Amazing video that provided the history of the early days of the internet. I've worked on many of the devices mentioned in this video and it's cool to see how NAT came to life. I learned some things I had not known previously. Thanks for the info!

  • @inquirewue2
    @inquirewue2 1 year ago +3

    Holy shit. This was an AMAZING video! Keep it up!

  • @Volcom1947
    @Volcom1947 1 year ago

    Outstanding video! Thank you for that amazing story.

  • @JSiuDev
    @JSiuDev 1 year ago

    WOW, what a piece of history!! Thank you!!

  • @unixnerd8120
    @unixnerd8120 1 year ago +3

    Dude, amazing work on this! It reminds me of a friend who recently passed away.. RIP Wr3cks. He was an early pioneer of the information security industry. Sub'd! Keep up the good work! 👍👍

  • @compu85
    @compu85 1 year ago +1

    Fantastic presentation. Thanks for making this!