On Dec 29, 2009, at 7:08 AM, Steven Bellovin wrote:
> On Dec 29, 2009, at 9:29 AM, Sachs, Marcus Hans (Marc) wrote:
>> Totally out of the box, but here goes: why don't we run the entire Internet management plane "out of band" so that customers have minimal ability to interact with routing updates, layer 3/4 protocols, DNS, etc.?
>
> I hope you're joking. If not, I have two questions: how can this be done, and what will the side-effects be?
Actually... Some of the models proposed in the IRTF Routing Research Group separate the "access network" from the "transport network". That is, end devices would be numbered from a different "namespace" than the nodes in the transport network. This would allow for the separation of identity from network topology, allowing much greater scalability of the routing system (at the cost of requiring a mapping system that maps end point identifiers to/from network topology locators). Think of it as an automated ubiquitous end-to-end tunneling system that tunnels traffic to/from identifiers. A side effect of this approach would be along the lines of what Marc is suggesting.
> Take BGP, for example. The average residential consumer doesn't need BGP, doesn't speak it, and has no real ability to interfere with it, so there's no problem. But a multihomed customer *must* speak it.
Multihoming in the above model would simply mean the output of the mapping service of an identifier would result in two (or more) locators. Changing ISPs means simply changing the identifier to locator mapping. Ah, the joys of indirection... Of course, I'm a bit doubtful any of the models discussed in RRG or even LISP will gain much traction.
> As for side-effects -- how can you proxy everything? Do you know every application your customers are running? Must someone who invents a new app first develop a proxy and persuade every ISP that it's safe, secure, high-enough performance, and worth their while to run? It's worth remembering that most of the innovative applications have come from folks whom no one had ever heard of.
I dunno. Seems the vast majority of Internet users are happy with this model, given they are sitting behind a NAT box....

Regards,
-drc
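The identifier/locator model discussed above (an end point identifier mapped to one or more locators, multihoming as "several locators", changing ISP as a rewrite of the mapping), as an added toy illustration that is not code from the thread or from any RRG or LISP implementation; every EID, RLOC and ISP label is constructed:

```python
# Toy identifier/locator split: a mapping service returns one or more routing
# locators (RLOCs) for an end-point identifier (EID); edge tunnel routers wrap
# inner EID-addressed packets in outer RLOC-addressed packets, so the host only
# ever sees identifiers. Constructed example; all names below are made up.
from typing import Callable, Dict, List, Tuple

class MappingService:
    """EID -> [(RLOC, priority)], lowest priority number preferred."""
    def __init__(self) -> None:
        self._db: Dict[str, List[Tuple[str, int]]] = {}

    def register(self, eid: str, locators: List[Tuple[str, int]]) -> None:
        self._db[eid] = sorted(locators, key=lambda lp: lp[1])

    def lookup(self, eid: str) -> List[Tuple[str, int]]:
        return list(self._db.get(eid, []))

    def rehome(self, eid: str, old_rloc: str, new_rloc: str, priority: int) -> None:
        """Changing ISP: rewrite the mapping; the EID itself never changes."""
        kept = [lp for lp in self.lookup(eid) if lp[0] != old_rloc]
        self.register(eid, kept + [(new_rloc, priority)])

def encapsulate(ms: MappingService, src_eid: str, dst_eid: str, payload: bytes,
                reachable: Callable[[str], bool]) -> dict:
    """Ingress tunnel router: pick the best reachable locator for dst_eid.
    Multihoming is just 'several locators'; failover is 'try the next one'."""
    for rloc, _prio in ms.lookup(dst_eid):
        if reachable(rloc):
            return {"outer_dst": rloc,
                    "inner": {"src": src_eid, "dst": dst_eid, "payload": payload}}
    raise LookupError(f"no reachable locator for {dst_eid}")

def decapsulate(pkt: dict) -> dict:
    """Egress tunnel router: strip the locator header; the host sees only EIDs."""
    return pkt["inner"]

def demo() -> List[str]:
    """Outer locator chosen in three scenarios: all up, ISP A down, moved to ISP C."""
    ms = MappingService()
    ms.register("eid:h1", [("ispA-rloc", 1), ("ispB-rloc", 2)])  # multihomed host
    chosen = []
    all_up = lambda r: True
    chosen.append(encapsulate(ms, "eid:h0", "eid:h1", b"hi", all_up)["outer_dst"])
    ispA_down = lambda r: not r.startswith("ispA")
    chosen.append(encapsulate(ms, "eid:h0", "eid:h1", b"hi", ispA_down)["outer_dst"])
    ms.rehome("eid:h1", "ispA-rloc", "ispC-rloc", 1)  # leave ISP A for ISP C
    chosen.append(encapsulate(ms, "eid:h0", "eid:h1", b"hi", all_up)["outer_dst"])
    return chosen

if __name__ == "__main__":
    print(demo())  # ['ispA-rloc', 'ispB-rloc', 'ispC-rloc']
```

Note that the inner packet (what the customer's host emits and receives) never carries a locator, which is the "out of band" property Marc was after; the mapping service itself becomes the thing that must be protected and monitored.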