[e2e] 100% NAT - a DoS proof internet

alok alokdube at hotPOP.com
Wed Feb 22 23:21:05 PST 2006



alok wrote:
>> But would any OS stack out there support this sort of a transaction,
>> based completely on "$who-->send data" instead of the recursive
>> "$who-->$where and then send data"?
> 
> The OS isn't what needs to support it; the name needs to go in the IP
> packet. Which means routing on DNS names. See TRIAD.
> 
> With respect to NATs, you're just asking to have names rewritten; this
> doesn't solve anything.
> 
> => yes, like TRIAD, except that it works differently when I have multiple
> NATs. It tends to "go up" and come down the same way.
> 
> Take for example: (assuming all nodes are triad nodes)
> 
> PC1--node1----node2--Node3--PC2
> |     |              |      |
> +----Node4---Node5--node6---+
> 
> If PC1 connects to PC2 via NAT1-NAT2-NAT3, PC2 is constrained to reply via
> NAT3-NAT2-NAT1.

You didn't say how PC1 finds out that it should go n1-n2-n3, vs.
n1-n4-n5, or even back to p1. It needs to route. Which means it needs a
publicly routable ID for p2, which means that n2 needs to know where p2
is. But n2 never sees p2's ID; it only sees n3's.

--> The label could be "local" between the 2 nodes as zaphod pointed out :-)

> A bit different from the way the internet behaves today, is it not?

And not in a good way, IMO ;-) I like a net that works (above) and that
scales. Even if it worked, it would rely on a kind of source-routed
state that was deposited in the NATs - on a per-endpoint pair basis.

--> :)
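The exchange above argues over two things: whether a reply through a chain of name-rewriting NATs is pinned to the reverse of the forward path, and what state that costs. The toy model below is an added example, not code from this thread, from TRIAD, or from any NAT implementation. It keeps the node and PC names of the ASCII diagram; the packet fields, the per-flow state table in each NAT, and the explicit hop list the sender supplies (the "source-routed state" objection in the last quoted paragraph) are assumptions made only to make the behaviour concrete.

```python
"""Toy model of a chain of name-rewriting NATs (added example, not TRIAD).

Assumptions (not from the thread): a sender picks the hop list itself,
each NAT keeps one state entry per flow, and a reply is dropped by any
NAT that holds no state for that flow.
"""
from dataclasses import dataclass, field


@dataclass
class Packet:
    src: str       # name the next hop sees as the sender (rewritten per hop)
    dst: str       # name the packet is currently addressed to
    payload: str
    flow: int      # flow identifier stamped by the originating endpoint


@dataclass
class Node:
    name: str
    # per-endpoint-pair state deposited on the forward path:
    # flow id -> (prev_hop, next_hop)
    state: dict = field(default_factory=dict)


class Network:
    def __init__(self, nat_names):
        self.nats = {n: Node(n) for n in nat_names}

    def send(self, origin, path, dst, payload, flow):
        """Forward along an explicit hop list, rewriting the source at each NAT.

        A NAT records only its neighbours for the flow, so node2 never
        sees PC2's name; it only ever sees node3's.
        """
        pkt = Packet(src=origin, dst=path[0], payload=payload, flow=flow)
        trace, prev = [origin], origin
        for i, nat in enumerate(path):
            nxt = path[i + 1] if i + 1 < len(path) else dst
            self.nats[nat].state[flow] = (prev, nxt)
            pkt.src, pkt.dst = nat, nxt        # name rewriting at the NAT
            trace.append(nat)
            prev = nat
        trace.append(dst)
        return pkt, trace

    def reply(self, replier, first_hop, flow, payload):
        """Reply to the name the replier saw (the last NAT on the forward path).

        The reply can only follow the state left behind; handing it to a
        NAT that holds no entry for the flow gets it dropped.
        """
        pkt = Packet(src=replier, dst=first_hop, payload=payload, flow=flow)
        trace, cur = [replier], first_hop
        while cur in self.nats:
            node = self.nats[cur]
            if flow not in node.state:
                return None, trace + [cur]     # dropped: no state for this flow
            prev_hop, _ = node.state[flow]
            trace.append(cur)
            pkt.src, pkt.dst = cur, prev_hop   # un-rewrite toward the origin
            cur = prev_hop
        trace.append(cur)
        return pkt, trace

    def state_entries(self):
        """How much per-endpoint-pair state each NAT now carries."""
        return {n: len(node.state) for n, node in self.nats.items()}


def demo():
    """Two flows PC1->PC2, one over the top path and one over the bottom."""
    net = Network(["node1", "node2", "node3", "node4", "node5", "node6"])
    top, top_trace = net.send("PC1", ["node1", "node2", "node3"], "PC2", "hello", flow=1)
    bot, bot_trace = net.send("PC1", ["node4", "node5", "node6"], "PC2", "hello", flow=2)
    # PC2 replies to the name it saw for flow 1 (node3): pinned to the reverse path
    rep, rep_trace = net.reply("PC2", top.src, 1, "world")
    # the same reply handed to node6 is dropped: node6 only knows flow 2
    lost, lost_trace = net.reply("PC2", "node6", 1, "world")
    return {
        "top_trace": top_trace, "top_src_seen_by_pc2": top.src,
        "bot_trace": bot_trace, "node2_next_hop": net.nats["node2"].state[1][1],
        "reply_trace": rep_trace, "reply_dst": rep.dst,
        "lost": lost, "lost_trace": lost_trace,
        "state": net.state_entries(),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The model makes the two points of the exchange visible at once: the reply really is constrained to node3-node2-node1 (a reply injected anywhere else has no state to follow), and the price is one entry per flow in every NAT on the path, which is exactly the per-endpoint-pair state the last quoted paragraph objects to. It also shows why the sender still needs some way to choose between the top and bottom paths: in this model that choice is supplied by the caller, because nothing inside the NATs knows where PC2 is.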





More information about the end2end-interest mailing list