why the heck does the IAB think they should tell me how to run my network?
... part of the INTERnet, and we would like it all to interoperate end to end.
that must be the royal "we"...
you have been here long enough to remember when the internet was a cooperation between operators, yes?
Sure. and why the ARPAnet evolved into MILnet/CSnet/BITnet, the NSF regionals, NSI et.al. That whole "trust but verify" threat model. And then the "evolution" into more specialized architectures, w/ folk focusing on edge & core - content and eyeballs etc.
Absolutely correct. What I personally am afraid of is if we get a network where we by choice (yes, your choice as the operator) get vertically oriented services instead of horisontal. Where you only can connect to a service if you get IP packets of a specific flavor from a specific ISP.
here in is the nut. Internet Protocols should, by design, presume a fully end2end, always on model. Packets should be emitted w/ the presumption that they can reach their target. If not, its not reachable. period. If my node is in a MANET, then I should be able to reach all the nodes in that MANET. If its on Mars, then DTN should take care of packet delivery. If the transit ISP filters my prefix and throws the bits on the floor, I should complain. If the transit ISP filters the port and throws the bits on the floor, I should complain. But that is the transit ISP choice. Local Optimizations - trying to be smart about what is reachable over what transport by some "middle-box" - that is harmful. Operationally, I may chose to take links down, filter out some traffic, groom for specific network performance -over infrastructure i pay for- the whole "middle-box, firewall, NAT, or generic tunneling techniques are in play to allow end-users to circumvent network policy ... and that is bad. if there is really a concern that port filtering is inherently bad and should only be exercised as a temporary expediant, then why not open up all ports on the end systems? blocking ports 5, 7, 9, 11 and 19 are fairly common these days. is the IAB seriously suggesting that ISPs remove the filters on/for these ports? I'll stand by this mantra for -EDGE- networks: "allow what you use, block what you don't." when new, inovative applications evolve, I expect they should have thier own port(s) assigned, just like has occured in the Internet over the last 25 years. and if they are useful to the folks on my network, the ports will be opened up. stuff that tunnels w/o authorization, will be found and squashed.
The INETRnet works because as soon as you get IP packets from The INTERnet somewhere, you can access any service which runs on top of IP because of the transparent peering/transit agreements which exists.
But where is the presumption made that -operationally- all transport substrates are interconnected?
Because of this, it is a bad thing, and really the start of a very slippery slope, if AS:es start filtering at their edges. It can be done for various practical reasons in short term (as you say, you are responsible for YOUR network, YOUR part of The INTERnet), but as a long term thing, nope.
You might want to consider why EGP protocols were built in the first place... :) EGP/BGP have -policy- constraints designed in to restrict traffic.
paf -- speaking personally, but member of the IAB
--bill -- speaking as devils advocate and w/o having taken my meds today. ... granted it is nice to see the IAB take an interest and take a stance. I'm more afraid that such a document will aquire the patina of "gospel" by ISPs who won't think for themselves as to why some choices should be made.