On 20 nov 2008, at 14:38, William Herrin wrote:

> I can sum up the single most significant obstruction to renumbering in
> four words: get host by name.
>
> So long as developers have a standard API for mapping names to
> addresses which fails to propagate the duration of validity, app
> developers will use the API and renumbering will remain a severe
> operational drag.

I don't think the mere fact that applications must do the name-to-address lookup and then hand the address to the network stack makes renumbering harder.

That is, unless you mean renumbering IP versions.

In the plenary, Dave Thaler mentioned the problem that many applications work with addresses where they should work with names. There is of course a laziness and shortsightedness component to that, but I believe that in most cases this is because the existing name resolution systems fail to meet the needs of the application writers or operators. Let me name a few issues.

The DNS is fairly slow. Looking up an address can take a few hundred milliseconds.

The DNS is somewhat unreliable. Under normal circumstances, it doesn't fail too often, but it's not too hard to create circumstances where DNS lookups fail to work.

The caching is braindead. If the TTL is 24 hours, then this means you could have wrong information for 23:59:59. It also means that at 23:59:59 something may work fine, and at 24:00:01 it doesn't work at all. This is especially true when the source and destination can reach each other but part of the delegation hierarchy has become unreachable.

Although the DNS and (multicast) DNS service discovery can provide port numbers, applications generally don't look for them, limiting the usefulness in cases where port numbers are needed in addition to addresses.

Dynamic DNS allows hosts to register their address in the DNS, but this requires the availability of a server and a domain name, as well as significant coordination for security. Many end-users simply don't have a domain name or a server that can host the dynamic zone.

Interestingly, peer-to-peer applications spend a lot of complexity on a name-to-address mapping mechanism that doesn't require hierarchical delegations or long-term reachable servers.

If we are serious about moving away from addresses in favor of names to make renumbering, and therefore multihoming and mobility, easier, we need to address these issues.

Especially if we want people to create firewall rules based on names, all of this has to have very high reliability, performance and security.
_______________________________________________
rrg mailing list
https://www.irtf.org/mailman/listinfo/rrg
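As an added illustration (not part of the thread), the duration of validity that gethostbyname() discards is carried in every DNS answer: a minimal parser over a constructed wire-format response shows how an application could keep the TTL and turn it into the 24-hour deadline the message above describes. The record name, address and response bytes are constructed for the example.

```python
import struct
import time
from typing import NamedTuple

class Resolved(NamedTuple):
    name: str
    address: str
    ttl: int           # seconds the answer may be cached; gethostbyname() drops this
    expires_at: float  # absolute deadline derived from the TTL

def _read_name(msg: bytes, off: int) -> tuple[str, int]:
    """Decode a possibly compressed DNS name at off; return (name, offset after it)."""
    labels, jumped, end = [], False, off
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:              # compression pointer (RFC 1035 4.1.4)
            if not jumped:
                end = off + 2                  # caller resumes after the 2-byte pointer
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            jumped = True
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if jumped else off)

def parse_first_a_record(msg: bytes, now: float) -> Resolved:
    """Return the first A record of a DNS response with its TTL and expiry time."""
    _id, _flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                        # skip the question section
        _, off = _read_name(msg, off)
        off += 4                               # QTYPE + QCLASS
    for _ in range(an):
        name, off = _read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype == 1 and rdlen == 4:          # A record, IPv4 address
            return Resolved(name, ".".join(map(str, rdata)), ttl, now + ttl)
    raise LookupError("no A record in answer section")

# Constructed response (not captured from a real server): one question and one
# answer for www.example.com, TTL 86400 s (24 hours), address 192.0.2.10.
SAMPLE_RESPONSE = (
    b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"
    + b"\x03www\x07example\x03com\x00\x00\x01\x00\x01"
    + b"\xc0\x0c\x00\x01\x00\x01\x00\x01\x51\x80\x00\x04\xc0\x00\x02\x0a"
)

if __name__ == "__main__":
    r = parse_first_a_record(SAMPLE_RESPONSE, time.time())
    print(r.address, "valid for", r.ttl, "s")  # a gethostbyname() caller sees only the address
```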