On 2012-03-30 20:35, Michael Richardson wrote:
>>>>>> "Brian" == Brian E Carpenter <Brian> writes:
>     Brian> Front posting: I think we are using "walled garden" to mean
>     Brian> several things and that is confusing.
>
>     Brian> In my mind it refers to a captive customer scenario where a
>     Brian> service provider is intentionally limiting a customer's
>     Brian> access to the global Internet or (by playing DNS and/or HTTP
>     Brian> proxy tricks) presenting a distorted view of the global
>     Brian> Internet.
>
>     Brian> This becomes especially obnoxious if the customer has
>     Brian> multiple providers that attempt to enforce different walled
>     Brian> gardens. But that's a MIF issue, I think.
>
>     Brian> That is quite different from stating that a customer network
>     Brian> should be separated from the Internet by a security fence of
>     Brian> some kind and may also need a local namespace. I thought that
>     Brian> was normally called an intranet.
>
> I actually can't see a technical difference.

In an enterprise intranet, it's (supposedly) a fact that all routing, firewalling, etc. is administered by the same IT management. Also, multihoming takes place outside the intranet - the "walled garden" boundary is also the multihoming boundary.

In a customer/provider scenario, there is split management, and furthermore the multihoming boundary is inside more than one walled garden at the same time. That's why it's messy, IMHO.

> Most intranets work by:
>   1) intentionally limiting a customer's access to the global Internet
>   2) playing DNS tricks
>   3) HTTP proxy tricks
>   4) having a local name space.
>
> I think that walled-gardens are the political NAT44 of IPv6.

IPv6 makes more walled garden tricks possible, but both intranets and walled gardens abound in IPv4.

> We can, if we want, stick our head in the sand like we did for NAT44,
> letting the marketplace create an arms race between network
> operators and application creators. Or, we can do like we finally did
> with BEHAVE and specify something.

Good luck balancing on that third rail ;-)

    Brian

> I'm here in homenet because I care about e2e, I want to avoid NAT66, and
> I see great utility in having globally unique addresses everywhere, even
> if they are not globally routable/accessible.
>
> (ps: I shipped NAT44 products in 1994. I hate myself for helping kill
> e2e. I shipped it with split-horizon DNS standard. It was all stupid.)

_______________________________________________
homenet mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/homenet
