[120618] in North American Network Operators' Group
RE: ip-precedence for management traffic
daemon@ATHENA.MIT.EDU (Sachs, Marcus Hans (Marc))
Tue Dec 29 10:23:19 2009
Date: Tue, 29 Dec 2009 10:22:29 -0500
In-Reply-To: <74DF6987-7398-4CAF-AF05-9942677F00A6@cs.columbia.edu>
From: "Sachs, Marcus Hans (Marc)" <marcus.sachs@verizon.com>
To: "Steven Bellovin" <smb@cs.columbia.edu>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Nope, not joking. Quite serious about this.
Glad we agree about the residential customers. Perhaps that's the first place to start and could generate some interesting lessons.
Properly dual-homed customers are what I'd lump into the "clueful" category so they are not the ones I'm talking about. Just the basic customers who have no Earthly idea how all of this magic comes together, and who really don't care or have a need to know.
New applications, by the way, should not be a problem if they are allowed to adapt to a new networking model. Innovation flourishes when the status quo changes.
(I see that Chris Morrow just posted some supportive comments. Thanks Chris!)
Marc
-----Original Message-----
From: Steven Bellovin [mailto:smb@cs.columbia.edu]
Sent: Tuesday, December 29, 2009 10:09 AM
To: Sachs, Marcus Hans (Marc)
Cc: NANOG list
Subject: Re: ip-precedence for management traffic
On Dec 29, 2009, at 9:29 AM, Sachs, Marcus Hans (Marc) wrote:
> Totally out of the box, but here goes: why don't we run the entire Internet management plane "out of band" so that customers have minimal ability to interact with routing updates, layer 3/4 protocols, DNS, etc.? I don't mean 100% exclusion for all customers, but for the average Joe-customer (residential, business, etc., not the researcher, network operator, or clueful content provider) do they really need to have full access to the Internet mechanisms (routing, naming, numbering, etc.)?
>
> We already provide lots of proxy services for end users, so why not finish the job and move all of the management mechanisms out of plain sight?
I hope you're joking. If not, I have two questions: how can this be done, and what will the side-effects be?
Take BGP, for example. The average residential consumer doesn't need BGP, doesn't speak it, and has no real ability to interfere with it, so there's no problem. But a multihomed customer *must* speak it. Perhaps you could assert that their ISPs should announce it -- but why trust random ISPs? Is that ISP 12 hops away from you trustworthy, or a front for the Elbonian Business Network?
As for side-effects -- how can you proxy everything? Do you know every application your customers are running? Must someone who invents a new app first develop a proxy and persuade every ISP that it's safe, secure, high-enough performance, and worth their while to run? It's worth remembering that most of the innovative applications have come from folks whom no one had ever heard of.
--Steve Bellovin, http://www.cs.columbia.edu/~smb