ietf

Re: recommendation against publication of draft-cerpa-necp-0

2000-04-10 13:30:03


Peter Deutsch wrote:

g'day,

"Michael B. Bellopede" wrote:
...
Regardless of what occurs at higher layers, there is still the problem of
changing the source address in an IP packet which occurs at the network (IP)
layer.

The Content Services Business Unit of Cisco (Fair Disclosure time -
that's my employer and my business unit) sells a product called
"Local Director". LD is intended to sit in front of a cluster of
cache engines containing similar data, performing automatic
distribution of incoming requests among the multiple caches. It does
this by intercepting the incoming IP packets intended for a specific
IP address and multiplexing them among the caches. Are we doing
something illegal or immoral here? No, we're offering hot spare
capability, load balancing, increased performance, and so on. The
net is a better place than it was a few years ago, when a web page
would contain a list of links and an invitation to "please select
the closest server to you".

We also have a product called "Distributed Director", which is
essentially a DNS server appliance which can receive incoming DNS
requests (e.g. for "www.cnn.com") and reroute them to one or more cache
farms for distributed load balancing. If intercepting IP addresses
is evil, then presumably intercepting DNS requests is more evil,
since it's higher up the IP stack? No, it's a legitimate tool for
designing massive Content Service Networks of the scale needed in
the coming years.

These are both conformant with RFC 1122/1123 (together STD-3) because
they redistribute IP addresses within a stub network. Same with DHCP.
The questionable practices (wrt STD-3) arise when sourcing IP addresses
not delegated to your authority (i.e., running these services on transit
to someone else's server), rather than running them as a head-end to
your own stub.

Joe