ietf
[Top] [All Lists]

RE: Routing at the Edges of the Internet

2011-08-29 21:50:59
Worley, Dale R wrote:
Someone says, Many deployed systems don't
implement that mechanism correctly.

That's not what I said; the mechanism is deployed correctly, the problem
is that there is another layer on top of it (in that case, the Windows
Firewall, but it's not the only culprit) that prevents the otherwise
working code from working correctly. I forgot to mention it, but the #1
remedy to the problem was to disable the SP2 Windows Firewall.

This problem has become highly visible because of the sheer number of
Windows XP hosts out there. Even as of today, XP still ranks #1 in the
deployed host platform. That being said, I have seen many firewall
policies on the firewall side that blocked it too; the problem is not
only a Microsoft one.

The mechanism (ICMP redirects) is technically fine and socially not.
People have become paranoid and now they firewall everything. It is a
behavioral animal. I'm not saying it's a good idea; the market answer to
crossing firewalls is to encapsulate everything into HTTPS, which is
probably worse. But then again, we have to deal with market pressure
against technically sound solutions, and the market almost always wins.


It seems that the answer is to fix the deployed
systems, rather than designing a new mechanism.

It is not the deployed systems we have to fix.
P.I.C.N.I.C.


Michel.

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf