In TRIAD, as with conventional NAT, the Internet consists of an interconnected set of address realms connected in a hierarchy. At the leaf level, an address realm corresponds to an enterprise or university network, a military installation, or much smaller units like a collection of autonomous sensors or a home network or even a set of virtual hosts on a single physical machine. At this level, the firewall or border router is extended to act as a TRIAD relay agent between realms, translating packet addresses as it relays packets between the realms that it interconnects. Higher-level address realms correspond to local and global Internet service providers (ISPs). Backbone or wide-area ISPs can connect at peering points, the same as today, but with high-speed relay agent routers at these points.
The end-to-end Internet-wide identification of a host interface or multicast channel is provided in TRIAD by a hierarchical character-string (DNS) name. This name is the basis for all end-to-end identification, authentication, and reference passing. There is no other identifier for the host interface that is global and persistent, unlike addresses in IPv6 and in the original Internet architecture. In particular, (IPv4) addresses have no end-to-end significance.
Within a realm, naming, addressing and routing operate the same as they currently do with IPv4. Thus, there are no host or router changes required. The relay agent or agents connecting a realm to other realms provide naming and routing services plus WRAP relaying of packets. WRAP, the Wide-area Relay Addressing Protocol, is a ``shim'' protocol which carries the transport header and data as its payload, similar to other IP encapsulation protocols. The WRAP header contains a pair of Internet Relay Tokens (IRTs), the reverse token and forward token. An IRT is a potentially opaque variable-length field that extends the addressing beyond that provided by IPv4.
Fig. 1 illustrates the operation of TRIAD between realms with two hosts, src.Harvard.EDU and dst.Ietf.ORG, assuming Harvard.EDU and Ietf.ORG are two separate realms connected via a single intermediate realm, the ``external'' Internet.
Figure 1: Inter-realm packet transmission in TRIAD. The host named ``src'' with IPv4 address S in realm Harvard.EDU sends to the host named ``dst'' with IPv4 address D in realm Ietf.ORG. The packets below the dotted line indicate how the IP and WRAP headers change as a packet crosses the three realms, with the header listed as source address, destination address, reverse IRT, and forward IRT.
For src to send to dst, the name lookup of dst.Ietf.ORG is handled by the relay agent relay.Harvard.EDU for this realm, with internal IPv4 address RA1 and external IPv4 address RA1'. This relay agent determines the appropriate next relay agent from its directory mapping of Ietf.ORG and then communicates the name lookup across the Internet to relay.Ietf.ORG, the relay agent for the Ietf.ORG realm. (This relay agent has internal IPv4 address RA2 and external IPv4 address RA2'.) In response to this query, relay.Ietf.ORG returns to relay.Harvard.EDU an IRT f' that designates dst relative to RA2'. Then, relay.Harvard.EDU returns an IRT f to src which designates dst.Ietf.ORG relative to RA1, creating any state it needs to map f to f'.
Then, src sends an IPv4 packet addressed to RA1 with f stored in the WRAP header. On reception, RA1 translates f into f' and transmits the packet with destination address RA2' and source address RA1', as shown in the middle packet in the figure. The WRAP header also contains the reverse IRT r', which indicates the source of the packet relative to RA1'.
On reception at RA2', the reverse IRT in the packet is translated to a new value r which represents src.Harvard.EDU relative to RA2. This relay agent then transmits the packet with an empty forward IRT, IPv4 destination address D and source address RA2, as shown in the rightmost packet in the figure.
Thus, dst receives the packet as a normal IPv4 packet sent by its relay agent RA2 but also containing an IRT that identifies the actual source of the packet relative to its relay agent. The packet is then passed up to the next higher layer processing, such as TCP or UDP.
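The header rewriting in this walk-through can be traced with a small simulation. The following is an added example, not code from the TRIAD authors; it assumes that IRTs are opaque strings, that each relay agent keeps its translation state in lookup tables, and that the reverse IRT in the packet leaving src is empty. The class, method and token names (such as r'1) are hypothetical.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str   # IPv4 source address
    dst: str   # IPv4 destination address
    rev: str   # reverse IRT ("" means empty)
    fwd: str   # forward IRT ("" means empty)

class RelayAgent:
    """Hypothetical relay agent with one internal and one external address."""
    def __init__(self, internal, external):
        self.internal, self.external = internal, external
        self.fwd_out = {}  # forward IRT seen inside -> (next relay, next forward IRT)
        self.fwd_in = {}   # forward IRT seen outside -> internal host address
        self.rev_out = {}  # internal source -> reverse IRT relative to external address
        self.rev_in = {}   # (previous relay, its reverse IRT) -> reverse IRT seen inside

    def outbound(self, p):
        """Internal realm to external realm (RA1 in the walk-through)."""
        next_relay, next_fwd = self.fwd_out[p.fwd]  # KeyError: no state, drop
        rev = self.rev_out.setdefault(p.src, f"r'{len(self.rev_out) + 1}")
        return replace(p, src=self.external, dst=next_relay, rev=rev, fwd=next_fwd)

    def inbound(self, p):
        """External realm to internal realm (RA2 in the walk-through)."""
        host = self.fwd_in[p.fwd]                   # KeyError: no state, drop
        rev = self.rev_in.setdefault((p.src, p.rev), f"r{len(self.rev_in) + 1}")
        return replace(p, src=self.internal, dst=host, rev=rev, fwd="")

def walkthrough():
    ra1 = RelayAgent("RA1", "RA1'")   # relay.Harvard.EDU
    ra2 = RelayAgent("RA2", "RA2'")   # relay.Ietf.ORG
    # State created by the name lookup of dst.Ietf.ORG:
    ra2.fwd_in["f'"] = "D"             # f' designates dst relative to RA2'
    ra1.fwd_out["f"] = ("RA2'", "f'")  # f designates dst relative to RA1
    first = Packet(src="S", dst="RA1", rev="", fwd="f")
    middle = ra1.outbound(first)       # crosses the external Internet
    last = ra2.inbound(middle)         # delivered inside Ietf.ORG
    return first, middle, last

if __name__ == "__main__":
    for pkt in walkthrough():
        print(pkt)
```

The address S never appears in a header outside Harvard.EDU, and a forward IRT for which a relay agent holds no state raises KeyError, which a relay would treat as a drop.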
The destination can determine the source host name by a reverse name lookup at the last relay agent using the received IRT. However, it can respond to a packet directly by ``reversing'' the IRT (using a fixed algorithm) and sending the packet to the local RA with this reversed IRT. This causes the packet to return along the reverse of the relay path on which the original packet was received. Alternatively, the destination can perform a lookup on the source name (after determining it as above) to get a separate IRT and RA to reach this host. This alternative is more flexible, allowing for asymmetric routing at the cost of an extra name lookup.
The IRT and the RA address are local in scope and transient. That is, the IRT is only meaningful relative to the RA and is only guaranteed to be T-stable: it does not go from one valid association with a relay agent to another in less than time T, where T is typically hours. In particular, it can become invalid at any time but can only be reassigned to another use after time T. Thus, passing an IP address or an IRT in the data portion of a packet to the other endpoint is meaningless in general.
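T-stability can be enforced at a relay agent by holding an invalidated token out of use for time T before reassigning it. The sketch below is an added example, not part of the original paper; it assumes T is measured from the moment the token becomes invalid, passes time in explicitly, and uses hypothetical names and a constructed token pool.

```python
class TStableTokens:
    """Hypothetical IRT table for one relay agent."""
    def __init__(self, t_stable, pool):
        self.t = t_stable
        self.free = list(pool)   # tokens available for assignment
        self.active = {}         # token -> target it currently designates
        self.quarantine = {}     # token -> time at which it became invalid

    def allocate(self, target, now):
        # Release only tokens that have been invalid for at least T.
        for tok, since in list(self.quarantine.items()):
            if now - since >= self.t:
                del self.quarantine[tok]
                self.free.append(tok)
        if not self.free:
            raise RuntimeError("no token may be reassigned yet")
        tok = self.free.pop(0)
        self.active[tok] = target
        return tok

    def invalidate(self, tok, now):
        # A token can become invalid at any time.
        del self.active[tok]
        self.quarantine[tok] = now

    def resolve(self, tok):
        # None means the token is invalid and the packet is dropped.
        return self.active.get(tok)

def demo():
    T = 4 * 3600                            # constructed value: four hours
    table = TStableTokens(T, ["irt-1"])     # constructed single-token pool
    tok = table.allocate("hostA", now=0)
    table.invalidate(tok, now=10)
    stale = table.resolve(tok)              # stale token held by a sender
    try:
        table.allocate("hostB", now=10 + T - 1)
        early = True
    except RuntimeError:
        early = False                       # reuse refused before T elapses
    reused = table.allocate("hostB", now=10 + T)
    return stale, early, reused, table.resolve(reused)

if __name__ == "__main__":
    print(demo())
```

A sender that holds a stale token for less than T has its packets dropped rather than delivered to whichever host later receives the same token.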
A WRAP proxy, referred to as a WRAPID gateway (see Section 6), allows existing IPv4 hosts to interact with WRAP-enabled hosts and servers without any modification. A WRAPID gateway is just an extended NAT-capable router or firewall which is able to WRAP and unWRAP packets going through it, as appropriate.
TRIAD provides end-to-end transport semantics while still making extensive use of address translation by basing the transport-layer pseudo-header on names, not addresses, as described next.