[e2e] administrative domains and the network layer
J.Crowcroft at cs.ucl.ac.uk
Tue Jun 5 00:27:51 PDT 2001
In message <GOEHJEPMGDEICJALMGLDKENGCAAA.ben at layer8.net>, Ben Black typed:
>>Much of the recent discussion on this list regarding what the end to end
>>principle means in the context of the current Internet has overlapped in
>>my mind with some private discussions on how to effectively multihome in
>>IPv6 (and IPv4, to some extent). Many paths seem to naturally lead back
>>to a solution using NAT or one of its relatives, such as GSE, and I have
>>seen others argue that such solutions violate the end to end principle.

I believe that GSE does NOT violate the end to end principle - it
actually reinforces it and the security arguments used in the
anti-GSE draft are I think misguided in that they were arguments
against IP or mobility, not against GSE... some of the global
re-writing ideas in GSE, if applied right, would solve a WHOLE lot of
problems - it would give a nice opportunity to re-think inter-domain
routing properly too...

>>Whether or not NAT actually violates the end to end principle is a
>>question I do not currently care to ask, but I have begun to wonder if
>>part of the conflict might reside in the current OSI layering model,
>>specifically in its definition of the network layer. A key mechanism
>>in managing a network as large as the Internet is the autonomous system.
>>Autonomous systems are used within the routing system, but are completely
>>ignored within the network layer.
>>If the autonomous system concept were to be introduced into the
>>definition of the network layer, I see the opportunity to truly decouple
>>host identity from network topology (this is not the same as trusting the
>>host, as I believe issues of trust are well beyond the scope of the
>>network layer), which in turn opens the door to far simplified and
>>scalable routing architectures (whether they use something akin to GSE,
>>NAT, or a completely new approach).
>>I am interested in whatever opinions you might have on the subject.

ok - so if the G Part of a GSE address is the current AS you are
"homed" to, then this works really well - it also works well for
scalable multi-source multicast address allocation (same as the GLOP
address style, but in v6, there's plenty of bits to map an AS and
still leave a lot of AS specific addresses, and still have intra-AS
allocation schemes that scale :-)

GSE should be revisited - the MIT work on migrating state for TCP fits
in really well here and there's copious security work that shows how to
do this safely - so long as you DON'T tie the process state to the
inter-AS path the way TCPv4 does, it all works really nicely -