
Re: F1000 requirements?



At 07:48 PM 28/04/2004, Brian E Carpenter wrote:
But I don't quite understand what NAT has to do with multihoming.
Multihoming has to do with making addresses directly reachable
via multiple paths. NAT has to do with hiding unreachable
addresses behind reachable ones. Aren't these two things orthogonal?

Speaking as a well-known NAT hater, I have to say that if a site is hidden behind a NAT router that has connectivity to two ISPs, site multihoming (without session survival) is clearly straightforward. The router simply starts NATting to the other ISP, which breaks existing sessions but moves new sessions to the new ISP. No host inside the site knows that anything has changed.

I'm not sure how we are so far down this alleyway. I understand the issue to be
"If you are going to base an endpoint identity on a locator, then this is a
restatement of the PI / PA problem, but perhaps in a more complex fashion
as you are now attempting to NIT rather than NAT at the edge." The take I get
from this is that there is a sector out there that would be more comfortable
in drawing identity tokens from a pool that is not aligned with network topology.
This may point to a preference from this sector for the use of identity token values
that are opportunistic (a la HIP), DNS FQDN related, or a separately
allocated token space. In such a space it's not even clear to me that you need
to align individual identity token values within an administrative structure
(i.e. would you necessarily need all the identity token values to share
a common prefix? The question posed in the HIPRG BOF in Seoul pointed
to distributed hash trees as a means of reverse resolving unstructured
identity spaces, as I recall).


thanks,

Geoff