ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: There are no NAT boxes on the Internet and never have been.

2015-01-27 14:25:02
from [Måns Nilsson] [Permanent Link] 
Subject: There are no NAT boxes on the Internet and never have been. Date: Tue, 
Jan 27, 2015 at 12:40:19PM -0500 Quoting Phillip Hallam-Baker 
(phill(_at_)hallambaker(_dot_)com):

Since my paper was rejected, I did not attend the middlebox workshop.


<snip> 


It does not hold for an inter-network because the definition of an
Internetwork is that there is no central control point. Which in turn means
that we can't implement certain security functions in the Internet (though
there are some functions such as traffic analysis defense that can only be
implemented there).


Your definition of The Inter-Network does not look to me as "no central
control point" but more in the direction of "The network where there
are no middleboxes" which is IMNSHO less satisfactory. Not to mention
an exercise in circulus in probando in the light of the present 
discussion.

I do, however, agree that for the IP-network overseer there exists a
right to manage traffic by regulating it but  that right should be as
delegated as possible and flexible if at all possible.

Is it, then, worthwhile to try expanding the radius of the Inter-Network
as defined by lack of middleboxes?

Is it worthwhile to try expanding the radius of the Inter-Network as
defined by e2e reachability perhaps partially regulated by policy at
AS border? I'm using AS-border because that seems to be  the most neutral
and unambigous point in the network (of networks) if one wants to make
a distinction between IP-Network and Inter-Network.

Does the IETF have a rôle to play in this? 

My personal position from operational experience is that some middleboxes
are more evil than others; that those who make it techically possible to
keep for instance a TCP 5-tuple unmolested through them are easier to
maintain, scale and live with, whereas those who require a new 5-tuple
on the other side of the middlebox are considerably more evil, because
they make themselves an integral part of the connection. (And the
connection fails when the middlebox fails, which means that the
reliability of the Inter-Network will be compromised)

Perhaps the IETF does have a rôle to play, in supplying the networking
world with methods and standards to scale out e2e networks, making the
(IMNSHO) bad, invasive middleboxen less attractive in favour of less
intrusive devices.

-- 
Måns Nilsson     primary/secondary/besserwisser/machina
MN-1334-RIPE                             +46 705 989668
Please come home with me ... I have Tylenol!!

Attachment: signature.asc
Description: Digital signature

[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Community Input on change to the Trust Legal Provisions to accommodate the inclusion of RFC Templates, Eric Gray
Next by Date:  Re: Community Input on change to the Trust Legal Provisions to accommodate the inclusion of RFC Templates, Stephan Wenger
Previous by Thread:  There are no NAT boxes on the Internet and never have been., Phillip Hallam-Baker
Next by Thread:  Re: There are no NAT boxes on the Internet and never have been., Phillip Hallam-Baker
Indexes:  [Date] [Thread] [Top] [All Lists]