Re: Comment on draft-iab-ipv6-nat-00

Keith Moore allegedly wrote on 03 19 2009 5:17 AM:
> It's all well and good to imagine a world where there would be a clear
> ID-LOC separation.  But we've never created such a world, and we don't
> currently have an ID-LOC mapping layer that is good enough to use by all
> applications.  

I don't think this question needs to arise.  There is no need, or
reason, that a single identifier would be used for all purposes.
Identifiers that are used to find out where to send packets for {initial
discovery (mapping), contact, and establishment of a session} do not
have to be the same as identifiers that applications use for session
maintenance.  Higher layer identifiers can be transient and only need to
be unique within their very limited scope of use.  The requirements on
their use are very different from requirements for identifiers used for
initial discovery and contact.  There is no reason why they need to have
anything to do with locators.  Only the identifiers that are used for
initial discovery need to be mapped -- for example domain names and URIs.

> DNS falls short in many ways.  And as long as there is
> not a universal mapping layer that is aware of things like NATs and
> mobility, and for that matter as long as there are devices that impose
> arbitrary limitations on traffic flow (e.g. connections have to be
> initiated from "inside"), there will be a need for applications to deal
> explicitly with IP addresses.  Sure it's ugly but it's the best that
> applications can do.

I don't see this.  You need something (e.g. a domain name or URI) to map
to _some_ addresses which you can use to launch your initial packets
toward your destination.  They don't have to be the same addresses that
the destination thinks it has, as long as the packets get there and
there is a mechanism to establish security associations and multiple
path use.

> Saying that applications should use names rather than addresses,
> especially in the context of a NATted Internet, is tantamount to saying
> (a) that we have perfect faith in DNS to reliably map names to addresses
> at all times, in all realms, and that DNS RRs will never leak across
> realm boundaries, and (b) that we have perfect faith that any address
> pair chosen by the host stack for communication will continue to
> function for the entire lifetime of the association.  

No no no.  The address pair just has to last long enough to establish an
association.  If we're lucky we'll figure out how to do it even while IP
addresses are changing.

Scott