
Re: Host-based may be the way to go, but network controls are necessary



On Thu, 21 Nov 2002, J. Noel Chiappa wrote:

> Sure, you can probably clip off a small corner of the problem and add some
> hacks which do a lot of what you want to do in that small corner (e.g. pick
> the best exit gateway from your corporate network for this traffic). But
> that's all it will be - just a quick kludge that fixes some specific little
> goal - and, moreover, Yet One More Ugly Accretion that slowly kills the
> entire architecture by the Death of 1000 Ugly Kludges.

> And, of course, that's exactly what this group will do - because doing the
> Right Thing is impossible.

So what's the right thing?

Being here in Atlanta was an eye-opener for me. It's unbelievable how
much work is still going on on IPv6 which by all accounts should have
been deployed by now.

The original TCP/IP architecture assumes that an interface on one host
communicates with an interface on another host, the network always knows
what connects where and nobody will try to disrupt all of this. Today,
most services run on several hosts (load balancers) or the other way
around (NAT). Most of the network has no idea if destinations are even
reachable, let alone what the shortest path is (CIDR). Every aspect of
the network is open to constant disruption (DDoS et al.). But IPv6 is
still just IPv4 with bigger addresses.

IPv6 is a reasonably good way to get packets across links. Routing and
layer 4 and up don't do what we need them to do so an architectural
overhaul is certainly in order.