[e2e] 100% NAT - a DoS proof internet
Joe Touch
touch at ISI.EDU
Wed Feb 22 09:52:35 PST 2006
Saikat Guha wrote:
> On Wed, 2006-02-22 at 08:24 -0800, rick jones wrote:
>
>>On Feb 22, 2006, at 12:32 AM, Saikat Guha wrote:
>>
>>>NATs (not counting firewalls) are used to extend the IPv4 address
>>>space.
>>>The address space for "names" is infinite. Is there a motivation behind
>>>designing or deploying name-translation devices?
>>
>>names (in the DNS or something like it I presume?) may be essentially
>>infinite, but are they "free?" IIRC even with IPv4 ISPs were/are
>>offering multiple IPs to customers - for a price
>
> I imagine that price stems from the scarcity of IPs in the ISP's address
> block. ISPs routinely offer customers multiple free email addresses.
Price != cost.
In this case, price stems from the ISP's desire to differentiate
(artificially) between commercial customers and
individual consumers. In some cases, getting a real IP address requires
converting an account to commercial.
>>I also thought that NAT's were used to provide some (small) measure of
>>anonymity.
>
> Names need not betray organizational topology, nor prevent anonymity.
IP addresses don't betray topology; you can have source routes
throughout an organization. As to anonymity, that's exactly what they
prevent unless the NAT rewrites the name.
> NATs are a hack to circumvent IP routing without changing endhosts. A
> name-based routing would require changing endhosts anyway. It would also
> allow implementing these "services" that NATs provide now, at the
> endhosts themselves. Clever name-based routing protocols (i3 for
> example) can reach the destination without requiring NATs in the middle
> for anonymity and topology hiding.
Yes, there are other ways to hide topology and protect hosts that don't
involve NATs; unfortunately, NATs are the dominant solution in play.
Joe
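The thread argues about what a NAT actually buys you: address-space extension, a measure of topology hiding, and the fact that an unsolicited packet from outside has nowhere to go. The following is an added example, written for this archive page and not code from the thread or its authors: a port-translating NAT (NAPT) model in Python. The addresses, ports and HTTP payloads are constructed (RFC 1918 and documentation ranges), the class is a teaching model rather than a real NAT, and the inbound lookup keyed on the remote endpoint is the strictest filtering behaviour (what RFC 4787 calls address-and-port-dependent filtering); real NATs vary. It shows two private hosts sharing one public IP, a reply routed back to the right host, an unsolicited probe being dropped, and the payload passing through untouched, so a hostname carried inside it is still visible to the far end, which is Joe's point that names defeat anonymity unless the NAT rewrites them.

```python
"""Minimal port-translating NAT (NAPT) model.

Constructed example: addresses, ports and payloads are made up, and the
class is a teaching model, not a real NAT implementation.
"""
from dataclasses import dataclass
import itertools
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: str = ""


class Napt:
    """Maps many private (ip, port) pairs onto one public IP.

    Outbound packets get a fresh public source port per flow; inbound
    packets are forwarded only if they match an existing mapping, which
    is why unsolicited traffic from outside bounces off.
    """

    def __init__(self, public_ip: str, first_port: int = 40000) -> None:
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)
        # (priv_ip, priv_port, dst_ip, dst_port) -> public port
        self._out: Dict[Tuple[str, int, str, int], int] = {}
        # (public port, remote_ip, remote_port) -> (priv_ip, priv_port)
        self._in: Dict[Tuple[int, str, int], Tuple[str, int]] = {}

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite the source of a packet leaving the private network."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        pub_port = self._out.get(key)
        if pub_port is None:
            pub_port = next(self._ports)
            self._out[key] = pub_port
            self._in[(pub_port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        # Only the IP/port header fields change; the payload is untouched,
        # so any name carried inside it (a Host header, say) is still visible.
        return Packet(self.public_ip, pub_port, pkt.dst_ip, pkt.dst_port, pkt.payload)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Rewrite the destination of a packet arriving from outside, or drop it."""
        dest = self._in.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if dest is None:
            return None  # no mapping: unsolicited packet is dropped
        priv_ip, priv_port = dest
        return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port, pkt.payload)


def demo() -> dict:
    """Two private hosts share one public address; a stranger is dropped."""
    nat = Napt("203.0.113.7")
    server = ("198.51.100.1", 80)
    # Both hosts happen to pick local port 5000; the NAT must keep them apart.
    alice = Packet("10.0.0.2", 5000, *server,
                   "GET / HTTP/1.1\r\nHost: alice-laptop.corp.example\r\n")
    bob = Packet("10.0.0.3", 5000, *server, "GET / HTTP/1.1\r\nHost: www.example\r\n")
    a_out = nat.outbound(alice)
    b_out = nat.outbound(bob)
    a_again = nat.outbound(alice)  # same flow reuses its mapping
    # Server replies to Bob's translated port; the NAT routes it back to 10.0.0.3.
    reply = nat.inbound(Packet(server[0], server[1], nat.public_ip, b_out.src_port, "200 OK"))
    # An outsider probing a port with no mapping gets nothing.
    probe = nat.inbound(Packet("192.0.2.99", 4444, nat.public_ip, 40002, "SYN"))
    return {
        "public_src": (a_out.src_ip, b_out.src_ip),
        "public_ports": (a_out.src_port, b_out.src_port, a_again.src_port),
        "name_in_payload": "alice-laptop.corp.example" in a_out.payload,
        "reply_to": (reply.dst_ip, reply.dst_port) if reply else None,
        "probe_dropped": probe is None,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The external observer sees 203.0.113.7 for both hosts and learns nothing about 10.0.0.0/8 from the headers, but the Host header that names Alice's laptop crosses the NAT unchanged: the address layer is hidden, the name layer is not.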