The following technical paper explains AVES in full detail and provides information about our Linux based implementation and its performance. It also explains the application, security, and scaling limitations of AVES.

• T. S. Eugene Ng, Ion Stoica, Hui Zhang, "A Waypoint Service Approach to Connect Heterogeneous Internet Address Spaces", USENIX Annual Technical Conference 2001, Boston, MA, June 2001 [.ps.gz] [.pdf].

• Click here for my USENIX '01 presentation on AVES.

We have tested our AVES implementation on RedHat Linux 6.1 and above, although we believe a version 2.2 or above Linux kernel is the only requirement. There are many features in our implementation that are not yet described in the paper. Below we provide an overview.

Security Features:

AVES has a lot of security features to keep a user's computers as protected as possible, however, a user should always secure his computers just as he should secure his NAT gateway even if he is not using AVES.

The first concern of an AVES user is, will any random person be able to connect to his computers at home? We have implemented the following security features to protect users from malicious attackers:

• Message and data packet authentication
• Anti-waypoint-scanning to prevent attackers from connecting to undisclosed avesnet.net destinations
• Anti-scanning of avesnet.net domain names to prevent leakage of undisclosed avesnet.net host names

Authentication ensures that connections can only be established through the AVES service provider. A random person cannot directly connect to a user's computers without going through AVES. Moreover, to connect to a user's computers through AVES a person needs to know the host names of those computers. If a person does not know any host names and tries to attack the system, the anti-waypoing-scanning feature will reject the person from the system for an extended period of time. The host names themselves, unless disclosed voluntarily by the user, are hard to obtain because AVES has anti-host-name-scanning. What this does is that, if a malicious person is trying to discover host names by guessing, the response time for the queries from such person will become extremely slow, making the attack impractical.

Even if a person knows the host name of a user's computer (e.g. the computer is a public web server), AVES has other features to keep the person's activities in check:

• Session initiation rate limit
• Per session flow limit protection for both waypoint and NAT gateway
• Security attack detection during waypoint wait state to prevent overload

These features all aim to put a hard limit on the amount of system resources a person can consume. These limits should not be reached under normal usage scenarios.

DHCP Support:

It is typical that an AVES user's NAT gateway does not have a fixed IP address assigned by the ISP. Instead, the NAT gateway obtains a dynamic IP address from the ISP on power-up through the DHCP protocol. To support dynamic IP address, we have added these following features:

• Authenticated NAT gateway IP address registration
• Allows NAT gateway to be named nat.yourdomainname.avesnet.net

When a user powers-up his NAT gateway, it authenticates itself with the AVES service provider and transfers its new IP address to the service provider. AVES also by default assigns the NAT gateway a host name for convenience.