[e2e] 100% NAT - a DoS proof internet

Joe Touch touch at ISI.EDU
Mon Feb 20 22:36:26 PST 2006

Dan Wing wrote:
> I fail to understand the distinction between the problem you're
> describing and the same problem without any NATs whatsoever.  For example
> if I get a publicly routable IP address from my ISP and I want you to
> send me some packets, I need to somehow tell you that IP address.  I 
> might do that with DNS or via some other protocol (or SIP or Jabber).

Without NATs, you need:
	my IP address
	the port I run the service on

I can run services that will accept incoming calls from anyone on that port.

With NATs, I need to know YOU are calling me somehow, so that I can do
something to trigger the NAT upstream from me ("my" NAT, though I
typically don't 'control' it except by sending packets that trigger

The only way to do that is via a server on the public Internet (short of
a telephone, which can cheat in any coordination system).

I.e., a NAT'd Internet is an incomplete architecture; it cannot usefully
exist without non-NAT'd servers.

> A fully NATted universe doesn't work, I agree.  But it is possible for
> two NATted devices to exchange UDP (and TCP) packets without relaying
> those UDP (TCP) packets through some non-NATted device.

They don't need to relay, but they do need the non-NAT'd device to
register and exchange information. That's not the same as what a DNS
does; a DNS just converts a name to an address; there's no 'exchange' of
information between endpoints; the DNS isn't needed so that I know you
will be calling me and act accordingly.

>> Two NAT'd boxes alone cannot talk to each other.
>> (and I assume NATs aren't under your own control because
>> that's the typical case).
> At Starbucks or as a subscriber in S. Korea or China, I agree it's typical.

As a cable Internet subscriber in the US, too. Same for some DSL
subscribers as well. It's not just a road-warrior or controlled-Internet
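A small simulation of the point argued above: two NAT'd hosts cannot reach each other unsolicited, and only a non-NAT'd rendezvous that records and exchanges their observed public endpoints lets them do so. This is added example code, not part of the original message or thread; the NAT model (endpoint-independent mapping, address-restricted filtering), the addresses and the rendezvous server are all constructed assumptions.

```python
# Constructed model of two hosts behind NATs plus one public rendezvous server.

class NAT:
    """Simplified NAT: endpoint-independent mapping, address-restricted filtering
    (a modelling assumption, not something stated in the thread)."""
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.next_port = 40000
        self.mappings = {}    # private (ip, port) -> public port
        self.reverse = {}     # public port -> private (ip, port)
        self.allowed = set()  # (public port, remote ip) opened by outbound traffic

    def outbound(self, src, dst):
        """Translate an outbound packet; returns the public endpoint it leaves with."""
        if src not in self.mappings:
            self.mappings[src] = self.next_port
            self.reverse[self.next_port] = src
            self.next_port += 1
        port = self.mappings[src]
        self.allowed.add((port, dst[0]))   # sending out is the "trigger" for inbound
        return (self.public_ip, port)

    def inbound(self, remote, dst_port):
        """Deliver an inbound packet, or return None if nothing admits it."""
        if (dst_port, remote[0]) not in self.allowed:
            return None                    # unsolicited: dropped at the NAT
        return self.reverse.get(dst_port)

def send(src_nat, src, dst_nat, dst_pub):
    """One packet from private src behind src_nat to public dst_pub behind dst_nat."""
    pub_src = src_nat.outbound(src, dst_pub)
    return dst_nat.inbound(pub_src, dst_pub[1])

SERVER = ("192.0.2.10", 3478)   # public server, not behind any NAT (constructed)
NAT_A, NAT_B = "203.0.113.1", "198.51.100.1"
A, B = ("10.0.0.2", 5000), ("192.168.1.2", 5000)

def direct_call():
    """A tries to call B with no coordination: B's NAT has no mapping, packet is dropped."""
    nat_a, nat_b = NAT(NAT_A), NAT(NAT_B)
    return send(nat_a, A, nat_b, (NAT_B, 40000))

def rendezvous_call():
    """Both register with the public server, which only exchanges observed endpoints."""
    nat_a, nat_b = NAT(NAT_A), NAT(NAT_B)
    registry = {"A": nat_a.outbound(A, SERVER), "B": nat_b.outbound(B, SERVER)}
    first = send(nat_a, A, nat_b, registry["B"])   # dropped: B has not sent toward A yet
    second = send(nat_b, B, nat_a, registry["A"])  # admitted: A's send opened its NAT
    third = send(nat_a, A, nat_b, registry["B"])   # admitted: B's send opened its NAT
    return first, second, third
```

Neither host's packets pass through the server; it only tells each side what public endpoint the other's NAT exposed, which is the registration and exchange step the message says a DNS lookup does not provide.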
