From: Keith Moore <moore(_at_)cs(_dot_)utk(_dot_)edu>
...
But IP-layer interception has some fairly significant limitations
for this application. ...
There's a technical problem with IP intercepting that I've not seen
mentioned, including in the draft. Any intercepting based on TCP or UDP
port numbers or that makes any assumptions about TCP or UDP port numbers
will have problems, because of IPv4 fragmentation. It seems plausible
that intercepting done by/for the server(s) would want to redirect all
traffic for a given IP address, and so not be affected by port numbers.
(Thus, it may make sense for the draft to not mention the issue.)
However, "transparent" HTTP proxy and email filtering and rewriting schemes
such as AOL's that need to intercept only traffic to a particular port
cannot do the right thing if the client has a private FDDI or 802.5 network
(e.g. behind a NAT box) or has an ordinary 802.3 network but follows the
widespread, bogus advice to use a small PPP MTU.
Yes, I realize IPv6 doesn't have fragmentation, but most if not all of
the distant-from-server IP interception schemes sound unlikely to work
with IPv6 for other reasons.
Bottom line is that IP-layer interception - even when done "right" -
has fairly limited applicability for location of nearby content.
Though the technique is so widely mis-applied that it might still be
useful to define what "right" means.
That sounds overly optimistic.
Vernon Schryver vjs(_at_)rhyolite(_dot_)com