ip-precedence for management traffic

Sachs, Marcus Hans (Marc) marcus.sachs at verizon.com
Tue Dec 29 09:22:29 CST 2009

Nope, not joking.  Quite serious about this.

Glad we agree about the residential customers.  Perhaps that's the first place to start and could generate some interesting lessons.

Properly dual-homed customers are what I'd lump into the "clueful" category so they are not the ones I'm talking about.  Just the basic customers who have no Earthly idea how all of this magic comes together, and who really don't care or have a need to know.

New applications, by the way, should not be a problem if they are allowed to adapt to a new networking model.  Innovation flourishes when the status quo changes.

(I see that Chris Morrow just posted some supportive comments.  Thanks Chris!)


-----Original Message-----
From: Steven Bellovin [mailto:smb at cs.columbia.edu] 
Sent: Tuesday, December 29, 2009 10:09 AM
To: Sachs, Marcus Hans (Marc)
Cc: NANOG list
Subject: Re: ip-precedence for management traffic

On Dec 29, 2009, at 9:29 AM, Sachs, Marcus Hans (Marc) wrote:

> Totally out of the box, but here goes:  why don't we run the entire Internet management plane "out of band" so that customers have minimal ability to interact with routing updates, layer 3/4 protocols, DNS, etc.?  I don't mean 100% exclusion for all customers, but for the average Joe-customer (residential, business, etc., not the researcher, network operator, or clueful content provider) do they really need to have full access to the Internet mechanisms (routing, naming, numbering, etc.)?
> We already provide lots of proxy services for end users, so why not finish the job and move all of the management mechanisms out of plain sight?

I hope you're joking.  If not, I have two questions: how can this be done, and what will the side-effects be?

Take BGP, for example.  The average residential consumer doesn't need BGP, doesn't speak it, and has no real ability to interfere with it, so there's no problem.  But a multihomed customer *must* speak it.  Perhaps you could assert that their ISPs should announce it -- but why trust random ISPs?  Is that ISP 12 hops away from you trustworthy, or a front for the Elbonian Business Network?

As for side-effects -- how can you proxy everything?  Do you know every application your customers are running?  Must someone who invents a new app first develop a proxy and persuade every ISP that it's safe, secure, high-enough performance, and worth their while to run?  It's worth remembering that most of the innovative applications have come from folks whom no one had ever heard of.

		--Steve Bellovin, http://www.cs.columbia.edu/~smb

More information about the NANOG mailing list