At 14.35 -0700 2000-04-09, Dave Crocker wrote:
Let's remember that a major goal of these facilities is to get a
user to a server that is 'close' to the user. Having interception
done only at distant, localized server farm facilities will not
achieve that goal.
Further, I'm unclear about the architectural difference between (and
apologies if things don't quite line up):
client --> Internet -> ISP -> Intercept -> subnet1 -> Server1
                                        -> subnet2 -> Server2
                                        -> subnet3 -> Server3
versus
client --> Internet -> ISP -> Intercept -> Internet -> Server1
                                        -> Internet -> Server2
                                        -> Internet -> Server3
In the first case, which Peter Deutsch brought up with the cisco Local
Director, I understand your picture to be that the entity which
provides the service running on Server1, Server2 and Server3 does
provide either a hostname and/or IP address which goes to a virtual
host which resides "inside" the box which is doing the intercept.
That box rewrites the IP headers, including the destination address etc.,
and ships the packet to one of Server1, Server2 or Server3.
I.e. the client asks to contact the virtual host, and the virtual host
is contacted.
In the second case (which is what I am opposing) the server provider
does not have anything to do with the interception. He runs only
Server1, while Server2 and Server3 are caches to which the ISP chooses
to redirect the packets which are addressed to Server1.
That is from my point of view a big difference.
In the first case, the packets sent from the client reach the
destination (i.e. the interceptor, which really is not an interceptor
at all, but some kind of NAT box like the cisco Local Director), while
in the second case packets addressed to Server1 might not reach
Server1 but Server2 or Server3.
paf
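The distinction paf draws above, modelled as an added example that is not part of the thread: a NAT-style director that owns the published virtual address versus an ISP box that diverts packets addressed to a server it does not own. All addresses are constructed sample values from documentation ranges, and the box classes, `serve` and `exchange` are hypothetical helpers, not any vendor's code. The model records, for one request in each case, who actually answered, what source address the client saw on the reply, and whether the packet reached the entity owning the address it was sent to.

```python
from dataclasses import dataclass, replace
import itertools


@dataclass(frozen=True)
class Packet:
    """Minimal IP-level view of a datagram: only addresses matter here."""
    src: str
    dst: str
    payload: str


# Constructed sample addresses (documentation ranges, not real hosts).
CLIENT = "192.0.2.77"
VIP = "198.51.100.10"                       # address the service publishes; owned by the director box
REAL_SERVERS = ["10.0.1.1", "10.0.2.1", "10.0.3.1"]   # Server1..3 behind the director
ORIGIN = "198.51.100.20"                    # Server1, run by a provider who does no interception
ISP_CACHES = ["203.0.113.2", "203.0.113.3"]            # Server2/3: caches the ISP diverts to


class DirectorBox:
    """Case 1: the box *is* the addressed host (a NAT-style load balancer).

    It accepts packets for its own VIP, rewrites the destination to one real
    server, and rewrites the source of the reply back to the VIP.
    """

    def __init__(self, vip, servers):
        self.vip = vip
        self.servers = servers
        self._pick = itertools.cycle(servers)   # round-robin choice of real server

    def owns(self, addr):
        return addr == self.vip

    def inbound(self, pkt):
        if pkt.dst != self.vip:
            return pkt                          # not ours: other hosts' traffic is never diverted
        return replace(pkt, dst=next(self._pick))

    def outbound(self, reply):
        if reply.src not in self.servers:
            return reply
        return replace(reply, src=self.vip)     # un-NAT so the client sees the address it contacted


class InterceptBox:
    """Case 2: the ISP box diverts packets addressed to someone else's server."""

    def __init__(self, diverted_dst, caches):
        self.diverted_dst = diverted_dst
        self.caches = caches
        self._pick = itertools.cycle(caches)

    def owns(self, addr):
        return False                            # it owns none of the addresses it touches

    def inbound(self, pkt):
        if pkt.dst != self.diverted_dst:
            return pkt                          # other traffic passes untouched
        return replace(pkt, dst=next(self._pick))

    def outbound(self, reply):
        if reply.src not in self.caches:
            return reply
        return replace(reply, src=self.diverted_dst)   # the cache answers *as* Server1


def serve(pkt):
    """Whatever host receives the packet answers it; returns (reply, who answered)."""
    return Packet(src=pkt.dst, dst=pkt.src, payload="response to " + pkt.payload), pkt.dst


def exchange(box, addressed):
    """Run one request through a box and report what each party observed."""
    request = Packet(src=CLIENT, dst=addressed, payload="GET /")
    reply, answered_by = serve(box.inbound(request))
    reply = box.outbound(reply)
    return {
        "addressed": addressed,
        "answered_by": answered_by,
        "reply_src_seen_by_client": reply.src,
        # The packet reached its destination if the host that answered is the one
        # addressed, or if the box itself legitimately owns that address (case 1).
        "reached_addressed_host": answered_by == addressed or box.owns(addressed),
    }


def case1():
    """Virtual host: the client addressed the VIP, and the VIP's owner handled it."""
    return exchange(DirectorBox(VIP, REAL_SERVERS), VIP)


def case2():
    """Transparent intercept: the client addressed Server1, but a cache answered."""
    return exchange(InterceptBox(ORIGIN, ISP_CACHES), ORIGIN)


if __name__ == "__main__":
    print("case 1 (virtual host):", case1())
    print("case 2 (transparent intercept):", case2())
```

In both cases the reply's source address equals the address the client sent to, so the client cannot distinguish them from the packet headers alone; the difference lies in who received the packet, which is exactly the point of contention in the thread.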