
Re: Notes about identifier - locator separator



On Sun, 3 Nov 2002, Pekka Nikander wrote:

> From my point of view, end-point naming is one of the most
> important "services" IP provides today (in addition to
> the packet forwarding "service", of course).

Ah, I see.

> There are two issues here:  The "real" nature of the new identifiers,
> and the representation of the new identifiers in application data
> structures.  For application level backwards compatibility, we
> obviously want the new identifiers to look (almost) like IP addresses.

We should have a new API that makes it possible to use the real
identifiers (= the host names). Obviously you can map a 32 or 128 bit
value to a name and put this name in the DNS so you can run old
applications over the new transport protocol. However, that means you
have to sacrifice the old API(s) as you either use them as they are now
(= no old programs use the new transport) or reroute them over the new
transport (= no programs can use regular IPv4 or IPv6). For IPv6 this
would be bad. For IPv4 it would be good if the host doesn't have an IPv4
address. It can then connect to dual-stack IPv6 hosts over IPv6 with the
application thinking it's doing IPv4. This would break some stuff if the
originating host doesn't have a valid IPv4 address, though.

> Thus, as long as application level backwards compatibility is an issue,
> we want the interaction between the "upper" IP layer and the transport
> layer to look like it looks like today.

No, we want a new API so new apps can be clean. Use dirty hacks for the
old stuff if we need backward compatibility.

> > Leaving out source addresses means you can't protect yourself against
> > DoS attacks.

> Source addresses don't help much with DDoS attacks today.
> I sincerely doubt they ever would.  I think that the idea
> that ingress filtering would effectively cut down DDoS
> is a fallacy.  But some others disagree with me, I know.

One of them being me. Besides, nobody can predict the future: "640k
should be enough for everyone." "There is only a market for five
computers worldwide: one for each continent." "George Lucas is insane.
Who is ever going to download an entire movie over the net?"