ietf

Re: Why?

2005-03-15 07:33:04
I'm not sure they're the same people in both cases. but here's a litmus test - if there's not a token for any host A that host B can hand to host C at some arbitrary location in the network and have C use that token to quickly and reliably establish a connection to A (modulo access control) then the architecture is dysfunctional. or to put it another way - if DNS or a similar name-to-locator (or name-to-identifier+locator) translation mechanism requires special knowledge to make it work, that isn't available to "ordinary" apps, the architecture is dysfunctional.

While I would agree with you, I think that horse has left the barn so long ago that the door has rotted and fallen apart.

I think everybody will acknowledge that the existing IPv4+NAT+hacks network is a huge mess. what I don't accept is that the existing mess will be incorporated into any possible future network architecture. people do abandon obsolete technologies - slowly at first, more quickly after the early adopters see the benefits. I don't know many people cooking with wood stoves, using steam engines to power machinery, or cleaning clothes with a washboard these days.

(I wonder if anybody told Edison, when he started to sell electricity, that that horse had already left the barn? or maybe this is a marketing problem in that people implicitly expect the network of tomorrow to look a lot like the one today? to me it seems that the Internet has drastically changed every two years or so since it began, so I expect it to keep changing for a while. for instance, I don't expect the general-purpose PC to be the dominant kind of terminal on the network for much longer.)

Just to give one example beyond that of NAT's and RFC 1918 addresses --- consider internal/external split DNS arrangements. They are occasionally used as a hack to get around the problem that we don't have a reliable (location-specific) service location service that all applications can be trusted to use.

one of the many problems with this is that DNS isn't in that category either. actually I don't think it will ever be reasonable to expect all apps to use any particular service location service, whether or not it's location-specific. (or maybe even especially if it's location-specific). different apps have different needs.

(I.e., when you are attached to the home network, use this set of MX records, but if your laptop is connected to the IETF conference wireless network, use this *other* set of MX records.) So given that the only tool network administrators have is the DNS, there are tools which effectively use internal DNS views as a crowbar to effectively turn (some) URL's into URN's.

Does that mean that the Internet Architecture is dysfunctional?

without knowing why your laptop needs different MX records in different situations, I can't tell.

as for using split DNS, the only reason this appears to work at all is because you're only expecting to get a small number of apps on a small number of hosts to work in this scenario.

Perhaps, but then again, I'm beginning to have a lot more sympathy with the point of view that we all come from dysfunctional families; the only question is how dysfunctional.

as you say, the question is how dysfunctional. there's an important difference between limited hacks that are useful in isolated corner cases that only affect a few hosts, and expecting those hacks to be generally useful and widely deployed.

The real problem though is that because of limitations in the Internet architecture that have been with us for decades --- and this goes beyond whether or not addresses are 4 bytes or 8 bytes or 16 bytes, and whether we have a host identifier and routing component in the address --- we have this huge installed base of applications, conceptual maps of how to solve problems in network administrators, security policies at corporations that effectively dictate things like NAT's, private address spaces, and split DNS setups, which is extremely hard to overcome. And we really expected IPv6, which after all really only increased the number of addressing bits, to address all of these issues? How much like an engineering organization....

well, at the time the IPng work was started, most of these problems were not nearly so obvious or widespread. so I don't know how many of us expected it to address all of these issues. clearly it does not. on the other hand, these issues need to be addressed anyway, and it's easier to address these issues in an IPv6 world than in an IPv4 world.

Keith

