Re: F1000 requirements?
On Tue, Apr 27, 2004 at 07:29:48AM -0700, Erik Nordmark wrote:
>
> Couldn't the Oracle server be assigned an obfuscated
> domain name (<very long string of random digits/characters>.example.com)
> and only your partners would be told the domain name to use?

I don't think this would fly since anyone (with sufficient
motivation, boredom, whatever) on the path along which DNS
queries traveled (partner --> root servers and back, partner
--> example.com public dns server and back) would see the
obfuscated name travelling on the wire.

If hiding a particular server is required, why not give it
a site-local address, and then just forward the particular
TCP port that it uses using an application layer proxy? UDP
services are of course trickier...

But I don't quite understand what NAT has to do with multihoming.
Multihoming has to do with making addresses directly reachable
via multiple paths. NAT has to do with hiding unreachable
addresses behind reachable ones. Aren't these two things
orthogonal?

-w
--
One day, a student asked a master, "Master, there is conflict between the
suits and the sysadmins. Which group has the Zen nature, and which group is
grievously disturbing the stillness of the Tao?" And the master said nothing,
but installed an operating system. And the student was enlightened.
- A.S.R. quote (Anthony DeBoer)
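
The on-path visibility argument in the reply above, as an added example that is not part of the original message: a classic DNS query carries the name unencrypted in the RFC 1035 question section, so the few lines of parsing below recover it from the raw payload. The hostname is constructed at random and the function names are hypothetical.

```python
import secrets
import struct


def build_query(name: str, qtype: int = 28) -> bytes:
    """Encode a standard DNS query (RFC 1035 wire format); qtype 28 is AAAA."""
    # Header: random ID, flags with RD set, one question, no other records.
    header = struct.pack("!HHHHHH", secrets.randbits(16), 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN


def observed_qname(packet: bytes) -> str:
    """Recover the queried name from raw payload bytes, as an on-path host sees it."""
    if len(packet) < 12:
        raise ValueError("shorter than a DNS header")
    (qdcount,) = struct.unpack("!H", packet[4:6])
    if qdcount < 1:
        raise ValueError("no question section")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated QNAME")
        length = packet[pos]
        pos += 1
        if length == 0:  # root label terminates the name
            break
        if length & 0xC0:
            raise ValueError("compression pointer not expected in a question")
        if pos + length > len(packet):
            raise ValueError("truncated label")
        labels.append(packet[pos:pos + length].decode("ascii"))
        pos += length
    return ".".join(labels)


# Constructed "secret" hostname: 32 random hex characters under example.com.
SECRET_LABEL = secrets.token_hex(16)
QUERY = build_query(f"{SECRET_LABEL}.example.com")

if __name__ == "__main__":
    print("observer reads:", observed_qname(QUERY))
```

The length of the random label makes no difference to the observer: each label is sent as a length byte followed by its literal bytes.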