[e2e] 0% NAT - checkmating the disconnectors
dhc2 at dcrocker.net
Wed Mar 8 02:27:58 PST 2006
>> I've come to believe that most of the approach to dealing with NATs
>> almost comes for free if we do locator/identifier properly and provide
>> a useful 'session' layer (or equivalent function with the app layer.)
> Most, but not all. The "session" identifier or other equivalent
> end-to-end identity tokens (e.g., the identifiers used in HIP, in TCP
> Migrate, etc.) are great for improving communication between two
> Unfortunately, they aren't enough by themselves to provide a global
> identifier that retains its validity when passed between hosts
That's ok. I didn't suggest (or have) that as a goal.
It's a perfectly nice goal, but it goes far, far beyond a) common practice,
independent of NATs, and b) seems to have even less market demand than
(Mind you, I'm a great fan of mobile IP -- and I think being able to have an
inter-process link migrate across host-platforms is delightful -- but the market
pull doesn't seem to be creating any urgency for either of them. It would, if
it were strong.)
> This situation is parallel to the one you cited. Layer two addresses
> are not global (though by fate of manufacturing they are mostly unique),
> and have no validity outside the local scope. If we make IP behave the
> same way, then we'll just end up replacing it with some higher layer
> addressing and routing space. I like overlays,
Me too. One might even think of a meta-net layer, on top of the current
(Hey, it's been about 30 years since that stunt was pulled in the networking
game. Maybe it's time to do it again...)
James Kempf wrote:
> So here's a security scenario that, I'm told, is fairly common today. A
> spammer exchanges what is known as a "pink letter" with an ISP. The ISP
> promises not to cut off the spammer in exchange for a kickback.
> How would your proposal solve this problem?
I obviously do not understand the question, because all I can think of is the
infinite number of problems that this does not solve, because they are not
It does not make a milkshake, or create world peace, and it certainly does not
solve collusion between a spammer and an ISP.
How the heck would you expect a mechanism intended to do a few, specific things
like making NATs tolerable have anything to do with the example you raise?
Joe Touch wrote:
> They don't translate anything. They remove the incoming link header and
> write a new outgoing link header.
Sounds a bit like removing the incoming IP header and adding a new, outgoing IP
header. That, at least, was the image I was intending to invoke. It's a tad
uncomfortable, but I claim it is not unreasonable.
The bottom line that this perspective promotes is that IP is not end-to-end --
anymore, if it ever truly was -- but that some stuff on top of it (still) needs
More generally, end-to-end is always rather relative, particularly seeming to
exist relative to the layer below, but rarely to the layer above.