[e2e] 0% NAT - checkmating the disconnectors
Dave Crocker
dhc2 at dcrocker.net
Wed Mar 8 02:27:58 PST 2006
>> I've come to believe that most of the approach to dealing with NATs
>> almost comes for free if we do locator/identifier properly and provide
>> a useful 'session' layer (or equivalent function with the app layer.)
>
> Most, but not all. The "session" identifier or other equivalent
> end-to-end identity tokens (e.g., the identifiers used in HIP, in TCP
> Migrate, etc.) are great for improving communication between two
> endpoints.
Right.
> Unfortunately, they aren't enough by themselves to provide a global
> identifier that retains its validity when passed between hosts
That's ok. I didn't suggest (or have) that as a goal.
It's a perfectly nice goal, but it goes far, far beyond a) common practice,
independent of NATs, and b) seems to have even less market demand than
mobility...
(Mind you, I'm a great fan of mobile IP -- and I think being able to have an
inter-process link migrate across host-platforms is delightful -- but the market
pull doesn't seem to be creating any urgency for either of them. It would, if
it were strong.)
> This situation is parallel to the one you cited. Layer two addresses
> are not global (though by fate of manufacturing they are mostly unique),
> and have no validity outside the local scope. If we make IP behave the
> same way, then we'll just end up replacing it with some higher layer
> addressing and routing space. I like overlays,
Me too. One might even think of a meta-net layer, on top of the current
inter-net layer...
(Hey, it's been about 30 years since that stunt was pulled in the networking
game. Maybe it's time to do it again...)
James Kempf wrote:
> So here's a security scenario that, I'm told, is fairly common today. A
> spammer exchanges what is known as a "pink letter" with an ISP. The ISP
> promises not to cut off the spammer in exchange for a kickback.
>
> How would your proposal solve this problem?
I obviously do not understand the question, because all I can think of is the
infinite number of problems that this does not solve, because they are not
related.
It does not make a milkshake, or create world peace, and it certainly does not
solve collusion between a spammer and an ISP.
How the heck would you expect a mechanism intended to do a few, specific things
like making NATs tolerable have anything to do with the example you raise?
Joe Touch wrote:
> They don't translate anything. They remove the incoming link header and
> write a new outgoing link header.
Sounds a bit like removing the incoming IP header and adding a new, outgoing IP
header. That, at least, was the image I was intending to invoke. It's a tad
uncomfortable, but I claim it is not unreasonable.
The bottom line that this perspective promotes is that IP is not end-to-end --
anymore, if it ever truly was -- but that some stuff on top of it (still) needs
to be.
More generally, end-to-end is always rather relative, particularly seeming to
exist relative to the layer below, but rarely to the layer above.
d/
--
Dave Crocker
Brandenburg InternetWorking
<http://bbiw.net>