On Wed, 14 Mar 2001, Timothy R. McKee wrote:
Let's have a reality check here.
Our job as **OPERATORS** is to provide our subscribers with simple and reliable access to what they consider as the Global Internet. They have the following 2 reasonable expectations:
1) That they can access any publicly acessible web, ftp, email, etc server anywhere in the world by using the destination's published textual address. Without, I might add, having to know that certain locations require loading a special plug-in, changing their resolver, or artificially padding the name.
Bear in mind that in many cases, this is an illusion. They aren't accessing the same machine at all. Someone is using round robin DNS to map one name into several IP addresses, or a Local Director to map one IP address into many IP addresses, or there is some other such substitution being employed. In some cases the party serving the data is involved in the illusion. In others, as in transparent proxying, someone along the way is intervening. This is often silent and may have the consent of neither the user/client or whoever is running the intended target.
Remember that, regardless of theoretical arguments, _WE_ are the ones that have to deal with the messes that result from things like this... _WE_ are the ones who will have to pay for the increased NOC and Tech Support staff and phone charges...
My point is that we are already in the world that you are warning us about. People are happily using one address space within their company and quite another to talk to the outside world, with NAT mediating between the two. Their internal DNS is also different from the DNS seen on the global Internet. And it all seems to be working exceedingly well, despite the fact the games people play with IP addresses and domain names are becoming very subtle indeed. -- Jim Dixon VBCnet GB Ltd http://www.vbc.net tel +44 117 929 1316 fax +44 117 927 2015