[e2e] 100% NAT - a DoS proof internet
Joe Touch
touch at ISI.EDU
Wed Feb 22 07:48:24 PST 2006
alok wrote:
>> But would any OS stack out there support this sort of a transaction, based
>> completely on "$who-->send data" instead of the recursive "$who-->$where and
>> then send data"?
>
> The OS isn't what needs to support it; the name needs to go in the IP
> packet. Which means routing on DNS names. See TRIAD.
>
> With respect to NATs, you're just asking to have names rewritten; this
> doesn't solve anything.
>
> =>
> yes like TRIAD, except that it works differently when I have multiple NATs.
> It tends to "go up" and come down the same way.
>
> Take for example: (assuming all nodes are triad nodes)
>
> PC1--node1----node2--Node3--PC2
> |      |        |           |
> +----Node4---Node5--node6---+
>
> If PC1 connects to PC2 via NAT1-NAT2-NAT3, PC2 is constrained to reply via
> NAT3-NAT2-NAT1.
You didn't say how PC1 finds out that it should go n1-n2-n3, vs.
n1-n4-n5, or even back to p1. It needs to route. Which means it needs a
publicly routable ID for p2, which means that n2 needs to know where p2
is. But n2 never sees p2's ID; it only sees n3's.
> A bit different from the way the internet behaves today, is it not?
And not in a good way, IMO ;-) I like a net that works (above) and that
scales. Even if it worked, it would rely on a kind of source-routed
state that was deposited in the NATs - on a per-endpoint pair basis.
> I may have xMb uplink via node1 but a 10xMb downlink via node4.
>
> It may not matter if the NAT is close to the edge PC but it does matter as
> the NAT moves further up in the provider network, or at least it did when I
> used to try installing web caches.
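The mechanism behind the exchange above, modelled as an added example (this is not code from the thread or from TRIAD): each NAT on the outbound path deposits per-flow translation state that only it holds, and the far end learns only the outermost NAT's address, so the reply is pinned to the reverse of the forward path and cannot use the other, possibly faster, path. The NAT names follow alok's figure; every address and port number is invented for illustration.

```python
"""Toy model of a reply path through a chain of NATs.

Added example for the end2end-interest thread; none of this is code from
the thread. NAT names follow alok's figure; all addresses and port numbers
are invented.
"""
from dataclasses import dataclass, field, replace
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: str


@dataclass
class Nat:
    """Port-translating NAT. Each outbound flow deposits per-flow state
    that only this box holds, so the reply must come back through it."""
    name: str
    ext_ip: str
    next_port: int = 40000
    out_map: Dict[Tuple[str, int], int] = field(default_factory=dict)
    in_map: Dict[int, Tuple[str, int]] = field(default_factory=dict)

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite the source to this NAT's external address, recording the
        mapping the first time an inside (ip, port) pair is seen."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[self.next_port] = key
            self.next_port += 1
        return replace(pkt, src_ip=self.ext_ip, src_port=self.out_map[key])

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Undo the rewrite. A packet addressed to someone else, or to a
        port with no mapping, is dropped: there is no state to consult."""
        if pkt.dst_ip != self.ext_ip or pkt.dst_port not in self.in_map:
            return None
        inside_ip, inside_port = self.in_map[pkt.dst_port]
        return replace(pkt, dst_ip=inside_ip, dst_port=inside_port)


def send_through(nats: List[Nat], pkt: Packet) -> Packet:
    """Carry pkt outward through nats in order; return what the far end sees."""
    for nat in nats:
        pkt = nat.outbound(pkt)
    return pkt


def reply_through(nats: List[Nat],
                  pkt: Packet) -> Tuple[Optional[Packet], Optional[str]]:
    """Carry a reply inward. Returns (delivered packet, None) on success or
    (None, name of the NAT that dropped it)."""
    for nat in nats:
        nxt = nat.inbound(pkt)
        if nxt is None:
            return None, nat.name
        pkt = nxt
    return pkt, None


def simulate() -> dict:
    # PC1 sits three NATs deep; node1..Node3 and Node4..node6 are the two
    # paths in alok's figure. PC2 is reachable directly (invented addresses).
    upper = [Nat("node1", "10.1.0.2"), Nat("node2", "10.2.0.2"),
             Nat("Node3", "198.51.100.3")]
    lower = [Nat("Node4", "10.1.0.4"), Nat("Node5", "10.2.0.4"),
             Nat("node6", "198.51.100.6")]
    pc1, pc2 = ("10.0.0.2", 5555), ("203.0.113.9", 80)

    request = Packet(pc1[0], pc1[1], pc2[0], pc2[1], "GET /")
    seen_by_pc2 = send_through(upper, request)

    # PC2 can only answer the address it saw, which is Node3's outside face.
    reply = Packet(pc2[0], pc2[1], seen_by_pc2.src_ip, seen_by_pc2.src_port,
                   "200 OK")

    # Reverse of the forward path: every hop finds the state it deposited.
    delivered, _ = reply_through(list(reversed(upper)), reply)
    # The other path has never seen this flow; node6 drops it at the first hop.
    via_lower, dropped_at = reply_through(list(reversed(lower)), reply)

    return {
        "pc2_sees": (seen_by_pc2.src_ip, seen_by_pc2.src_port),
        "symmetric_reply": (delivered.dst_ip, delivered.dst_port)
        if delivered else None,
        "asymmetric_reply": via_lower,
        "dropped_at": dropped_at,
        # per-flow state each box is now carrying
        "state": {n.name: len(n.out_map) for n in upper + lower},
    }


if __name__ == "__main__":
    for k, v in simulate().items():
        print(f"{k}: {v}")
```

Running it shows the three boxes on the forward path each holding one entry for this flow, the reply arriving at PC1 only when it retraces node3-node2-node1, and the same reply dying at node6 because nothing there knows the flow. Real NATs key state on more of the 5-tuple than this toy does, but the constraint is the same.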