Subject: There are no NAT boxes on the Internet and never have been.
Date: Tue, Jan 27, 2015 at 12:40:19PM -0500

Quoting Phillip Hallam-Baker (phill@xxxxxxxxxxxxxxx):

> Since my paper was rejected, I did not attend the middlebox workshop.

<snip>

> It does not hold for an inter-network because the definition of an
> Internetwork is that there is no central control point. Which in turn means
> that we can't implement certain security functions in the Internet (though
> there are some functions such as traffic analysis defense that can only be
> implemented there).

Your definition of The Inter-Network does not look to me as "no central
control point" but more in the direction of "The network where there are no
middleboxes", which is IMNSHO less satisfactory. Not to mention an exercise
in circulus in probando in the light of the present discussion.

I do, however, agree that for the IP-network overseer there exists a right
to manage traffic by regulating it, but that right should be as delegated as
possible and flexible if at all possible.

Is it, then, worthwhile to try expanding the radius of the Inter-Network as
defined by lack of middleboxes? Is it worthwhile to try expanding the radius
of the Inter-Network as defined by e2e reachability, perhaps partially
regulated by policy at the AS border? I'm using AS-border because that seems
to be the most neutral and unambiguous point in the network (of networks) if
one wants to make a distinction between IP-Network and Inter-Network.

Does the IETF have a rôle to play in this?

My personal position from operational experience is that some middleboxes
are more evil than others; that those who make it technically possible to
keep for instance a TCP 5-tuple unmolested through them are easier to
maintain, scale and live with, whereas those who require a new 5-tuple on
the other side of the middlebox are considerably more evil, because they
make themselves an integral part of the connection. (And the connection
fails when the middlebox fails, which means that the reliability of the
Inter-Network will be compromised.)

Perhaps the IETF does have a rôle to play, in supplying the networking world
with methods and standards to scale out e2e networks, making the (IMNSHO)
bad, invasive middleboxen less attractive in favour of less intrusive
devices.

-- 
Måns Nilsson     primary/secondary/besserwisser/machina
MN-1334-RIPE                             +46 705 989668
Please come home with me ... I have Tylenol!!
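The distinction drawn in the message above, between a middlebox that leaves the TCP 5-tuple alone and one that issues a new 5-tuple on its far side, can be made concrete with a small model. The following is an added example written for this page, not code from the thread or from any real product: it models a stateless transparent filter and a source NAT as Python classes, opens one flow through each, then restarts the device (or routes the reply through a second, parallel instance) and checks whether the server's reply still reaches the client with the addressing the client expects. All addresses, ports and the single "allow port 443" rule are constructed for the illustration; a stateful firewall that tracks connections would sit between the two cases and is deliberately left out.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    """A TCP packet reduced to its 5-tuple (constructed model, not a real packet)."""
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

    def reverse(self):
        """The 5-tuple a server's reply to this packet would carry."""
        return Packet(self.proto, self.dst_ip, self.dst_port, self.src_ip, self.src_port)


class TransparentFilter:
    """Policy device that never rewrites the 5-tuple. It decides pass/drop from
    a static rule set, so it holds no per-connection state at all."""

    def __init__(self, allowed_server_ports):
        self.allowed = frozenset(allowed_server_ports)

    def outbound(self, pkt):
        return pkt if pkt.dst_port in self.allowed else None

    def inbound(self, pkt):
        return pkt if pkt.src_port in self.allowed else None

    def restart(self):
        pass  # nothing to lose: the endpoints' addressing is still valid end to end


class SourceNat:
    """Device that issues a new 5-tuple on its public side. Its translation table
    is the only thing tying the two halves of every connection together."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.first_port = first_port
        self.restart()

    def restart(self):
        self.next_port = self.first_port
        self.out_map = {}  # (inside src_ip, src_port) -> public port
        self.in_map = {}   # public port -> (inside src_ip, src_port)

    def outbound(self, pkt):
        key = (pkt.src_ip, pkt.src_port)
        port = self.out_map.get(key)
        if port is None:
            port = self.next_port
            self.next_port += 1
            self.out_map[key] = port
            self.in_map[port] = key
        return replace(pkt, src_ip=self.public_ip, src_port=port)

    def inbound(self, pkt):
        key = self.in_map.get(pkt.dst_port)
        if key is None:
            return None  # no mapping: the packet means nothing to us, so it is dropped
        return replace(pkt, dst_ip=key[0], dst_port=key[1])


# Constructed client and server addresses (documentation ranges).
CLIENT_SYN = Packet("tcp", "10.0.0.7", 51234, "203.0.113.10", 443)


def reply_reaches_client(device, restart_between=False):
    """Open a flow through `device`, optionally restart it, and report whether
    the server's reply arrives at the client with the 5-tuple the client expects."""
    on_wire = device.outbound(CLIENT_SYN)
    if on_wire is None:
        return False
    if restart_between:
        device.restart()
    return device.inbound(on_wire.reverse()) == CLIENT_SYN.reverse()


def reply_via_other_box(box_a, box_b):
    """Scale-out case: the outbound packet crosses box_a, the reply crosses a
    parallel box_b that shares no state with it (as with ECMP across two devices)."""
    on_wire = box_a.outbound(CLIENT_SYN)
    if on_wire is None:
        return False
    return box_b.inbound(on_wire.reverse()) == CLIENT_SYN.reverse()


if __name__ == "__main__":
    for name, make in [("transparent filter", lambda: TransparentFilter({443})),
                       ("source NAT", lambda: SourceNat("198.51.100.1"))]:
        after_restart = reply_reaches_client(make(), restart_between=True)
        via_other = reply_via_other_box(make(), make())
        print(f"{name}: reply after restart {'delivered' if after_restart else 'dropped'}, "
              f"reply via parallel box {'delivered' if via_other else 'dropped'}")
```

The model isolates the property the message is about: with the transparent filter the endpoints' own addressing carries the connection, so the device can be restarted or replaced by an unsynchronised twin without the endpoints noticing; with the NAT the mapping table is the connection, and losing it (restart, failover without state sync, asymmetric routing across two boxes) silently drops every established flow.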