[76889] in North American Network Operators' Group
Re: IPv6, IPSEC and DoS
daemon@ATHENA.MIT.EDU (Sean Donelan)
Mon Jan 3 15:55:07 2005
Date: Mon, 3 Jan 2005 15:54:38 -0500 (EST)
From: Sean Donelan <sean@donelan.com>
To: David Barak <thegameiam@yahoo.com>
Cc: nanog@nanog.org
In-Reply-To: <20050103161148.48101.qmail@web14930.mail.yahoo.com>
Errors-To: owner-nanog-outgoing@merit.edu
On Mon, 3 Jan 2005, David Barak wrote:
> I guess it's true that everything old is new again:
> isn't this effectively circuit-switching? If you're
> dedicating network elements to particular hosts in a
> non-dynamic manner, doesn't that make your
> infrastructure effectively a PBX, where moving
> {device} from one room to the next requires a a
> technician's assistance?
Not necessarily. Some public networks are moving away from the ask
everyone the question, anyone can answer model. It cuts down on the
chatter, and the spoofing. That doesn't mean you have to go to a static
provisioning model, but it does mean you have to think harder about what
you trust, what asks the questions and what answers the questions. You
can still have a dynamic network, as long as it doesn't learn the wrong
things.
