
RE: Fwd: Minutes / Notes



> But don't mistake these questions for the first question - of whether you do
> the separation.

I would contend that modern applications already separate identity and location. Take three different examples: the web, SIP, and P2P file sharing networks. In web applications, the objects are identified by an http URL; in SIP, end points are identified by a SIP URL; in P2P networks, files are identified by their names and attributes. All of these applications treat IP addresses strictly as locations -- some place from which you can get a web page, to which you can send voice packets, from which you can get a slice of a file. The specific IP addresses vary over time, depending upon load balancing in web farms, transient registrations in SIP, or which of the file publishers happens to be on-line with P2P file sharing networks. P2P and the web, combined, represent the bulk of current Internet traffic.

In current networks, the identifier role of IP addresses is very limited. The most visible in the current discussion is the use of addresses to identify TCP connections, but we should add IPSEC associations, and filtering rules encoded in some firewalls or similar products. I would agree that these are problems, but they are limited in scope. In fact, the market is responding to these issues when needed: firewall traversal is now mostly based on VPN products, using explicit identification of users and computers; IPSEC sessions often require the exchange of identification tokens, independent of the IP address. 

The question is not whether we want to separate the location and identity function of IP addresses. Clearly, application developers have voted on that one. They just use the location function, and rely on other systems for identity. IP addresses should be locators, period. The question is whether we want to pay an identifier tax at the IP layer. The tax will be significant: additional resolution procedures, additional overhead in the packets. The main justification of that tax would be to keep alive some long duration TCP connections, or some IPSEC sessions. This may benefit some applications, but the tax would have to be paid by everybody, whether they need the functionality or not. I would much rather not pay the identifier tax, and use a combination of application level sessions, TCP improvement, IPSEC fast rekeying, or maybe mobile-IP. There is no reason that everybody pays the tax when just a few benefit.

-- Christian Huitema