The End-To-End Internet (was Re: Blocking MX query)

Izaac izaac at
Wed Sep 5 21:48:47 UTC 2012

On Tue, Sep 04, 2012 at 03:45:32PM -0400, William Herrin wrote:
> That's what firewalls *are for* Jay. They intentionally break
> end-to-end for communications classified by the network owner as
> undesirable. Whether a particular firewall employs NAT or not is
> largely beside the point here. Either way, the firewall is *supposed*
> to break some of the end to end communication paths.

Which has had two basic results:

First, we've raised at least two generations of programmers who cannot
write a network-facing service able to stand up in so much as a stiff
breeze.  "Well it's behind the firewall, so no one will be able to see

Second, we've killed -- utterly and completely -- countless promising
technologies and forced the rest to somehow figure out either how to
pretend to be HTTP or tunnel themselves.  That's just sad.

But even then, we're not talking about an end user choosing not to
permit certain kinds of inbound connectivity.  We're talking about
carriers inspecting and selectively interfering with (and in some cases
outright manipulating) communication in transit.  That's just plain

. ___ ___  .   .  ___
.  \    /  |\  |\ \
.  _\_ /__ |-\ |-\ \__

More information about the NANOG mailing list