Re: Why?
2005-03-15 07:33:04
I'm not sure they're the same people in both cases. but here's a
litmus test - if there's not a token for any host A that host B can
hand to host C at some arbitrary location in the network and have C
use that token to quickly and reliably establish a connection to A
(modulo access control) then the architecture is dysfunctional. or
to put it another way - if DNS or a similar name-to-locator (or
name-to-identifier+locator) translation mechanism requires special
knowledge to make it work, that isn't available to "ordinary" apps,
the architecture is dysfunctional.
While I would agree with you, I think that horse has left the barn so
long ago that the door has rotted and fallen apart.
I think everybody will acknowledge that the existing IPv4+NAT+hacks
network is a huge mess. what I don't accept is that the existing mess
will be incorporated into any possible future network architecture.
people do abandon obsolete technologies - slowly at first, more quickly
after the early adopters see the benefits. I don't know many people
cooking with wood stoves, using steam engines to power machinery, or
cleaning clothes with a washboard these days.
(I wonder if anybody told Edison, when he started to sell electricity,
that that horse had already left the barn? or maybe this is a
marketing problem in that people implicitly expect the network of
tomorrow to look a lot like the one today? to me it seems that the
Internet has drastically changed every two years or so since it began,
so I expect it to keep changing for a while. for instance, I don't
expect the general-purpose PC to be the dominant kind of terminal on
the network for much longer.)
Just to give one example beyond that of NAT's and RFC 1918 addresses
--- consider internal/external split DNS arrangements. They are
occasionally used as a hack to get around the problem that we don't
have a reliable (location-specific) service location service that all
applications can be trusted to use.
one of the many problems with this is that DNS isn't in that category
either. actually I don't think it will ever be reasonable to expect
all apps to use any particular service location service, whether or not
it's location-specific. (or maybe even especially if it's
location-specific). different apps have different needs.
(I.e., when you are attached to the home network, use this set of MX
records, but if your laptop is connected to the IETF conference
wireless network, use this *other* set of MX records.) So given that
the only tool network administrators have is the DNS, there are tools
which effectively use internal DNS views as a crowbar to effectively
turn (some) URL's into URN's.
Does that mean that the Internet Architecture is dysfunctional?
without knowing why your laptop needs different MX records in different
situations, I can't tell.
as for using split DNS, the only reason this appears to work at all is
because you're only expecting to get a small number of apps on a small
number of hosts to work in this scenario.
Perhaps, but then again, I'm beginning to have a lot more sympathy
with the point of view that we all come from dysfunctional families;
the only question is how dysfunctional.
as you say, the question is how dysfunctional. there's an important
difference between limited hacks that are useful in isolated corner
cases that only affect a few hosts, and expecting those hacks to be
generally useful and widely deployed.
The real problem though is that because of limitations in the Internet
architecture that have been with us for decades --- and this goes
beyond whether or not addresses are 4 bytes or 8 bytes or 16 bytes,
and whether we have a host identifier and routing component in the
address --- we have this huge installed base of applications,
conceptual maps of how to solve problems in network administrators,
security policies at corporations that effectively dictate things like
NAT's, private address spaces, and split DNS setups, which is
extremely hard to overcome. And we really expected IPv6, which after
all really only increased the number of addressing bits, to address
all of these issues? How much like an engineering organization....
well, at the time the IPng work was started, most of these problems
were not nearly so obvious or widespread. so I don't know how many
of us expected it to address all of these issues. clearly it does not.
on the other hand, these issues need to be addressed anyway, and it's
easier to address these issues in an IPv6 world than in an IPv4 world.
Keith