Re: [arch-d] Comments on draft-lazanski-consolidation
Eliot Lear <lear@cisco.com> Fri, 13 November 2020 08:14 UTC
Return-Path: <lear@cisco.com>
X-Original-To: architecture-discuss@ietfa.amsl.com
Delivered-To: architecture-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 74DCB3A1629 for <architecture-discuss@ietfa.amsl.com>; Fri, 13 Nov 2020 00:14:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.589
X-Spam-Level:
X-Spam-Status: No, score=-9.589 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, T_SPF_TEMPERROR=0.01, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yKGpHzyfhqD1 for <architecture-discuss@ietfa.amsl.com>; Fri, 13 Nov 2020 00:14:11 -0800 (PST)
Received: from aer-iport-4.cisco.com (aer-iport-4.cisco.com [173.38.203.54]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 317073A1607 for <architecture-discuss@ietf.org>; Fri, 13 Nov 2020 00:14:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=13886; q=dns/txt; s=iport; t=1605255251; x=1606464851; h=from:message-id:mime-version:subject:date:in-reply-to:cc: to:references; bh=HJgU9mlQcZjXwq/+hAoPP89WXY4yNggw2vjpKH//sdA=; b=F3owwuo5K0SsXBCfGucKYYOCboymBO3doC2icZv73YVCtdsCAf3cfjDB Ym06gB4qgEXmcGeWB/IQi65M2S6HH9SOKWY9/NfIjwhy8JGVFBQGioMH7 qYVgdJxZbFDBwYaYIv6GfWvE/wFvyA2Ei1IsgRSnrV81K2XEmKFDtbznX c=;
X-IPAS-Result: A0ATBABlP65f/xbLJq1iHQEBAQEJARIBBQUBgg+DcwEyLoQ9iQWIHooWiX6GMYFoCwEBAQ0BAS8EAQGESgKCHCY4EwIDAQEBAwIDAQEBAQUBAQECAQYEcYVthXIBAQEBAgEjVgULCxgqAgIhNgYTFQWDDIJWAw4grxt2gTKFV4JRDYIkgTiNMSqCAIERJxyCTz6CG4FpEQcBAQqDLTOCLASQOQspBaZoVIJ3gxqPTYMbhRMDH6F5oT2PBINkAgQGBQIVgWsjgVczGggbFWUBgj4+EhkNVo1QjkNAAzA4AgYBCQEBAwmMAgEngh4BAQ
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos; i="5.77,475,1596499200"; d="scan'208,217"; a="31026263"
Received: from aer-iport-nat.cisco.com (HELO aer-core-1.cisco.com) ([173.38.203.22]) by aer-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 13 Nov 2020 08:14:07 +0000
Received: from ams3-vpn-dhcp5496.cisco.com (ams3-vpn-dhcp5496.cisco.com [10.61.85.119]) by aer-core-1.cisco.com (8.15.2/8.15.2) with ESMTPS id 0AD8E6Mu027268 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Fri, 13 Nov 2020 08:14:06 GMT
From: Eliot Lear <lear@cisco.com>
Message-Id: <AA07B954-B025-41DB-BDAA-3DF18D0D82B7@cisco.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_64DF5B79-8A71-4F86-8B78-9B9C728323E7"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\))
Date: Fri, 13 Nov 2020 09:14:04 +0100
In-Reply-To: <CACsn0c=pS5+7a+M-f3RkhYsgriEYj_-a4--V+2gAnkMNHdFoqA@mail.gmail.com>
Cc: architecture-discuss@ietf.org
To: Watson Ladd <watsonbladd@gmail.com>
References: <CACsn0c=pS5+7a+M-f3RkhYsgriEYj_-a4--V+2gAnkMNHdFoqA@mail.gmail.com>
X-Mailer: Apple Mail (2.3608.120.23.2.4)
X-Outbound-SMTP-Client: 10.61.85.119, ams3-vpn-dhcp5496.cisco.com
X-Outbound-Node: aer-core-1.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/architecture-discuss/iHAdTr1-USsjJaC5jVdGa29m1JU>
Subject: Re: [arch-d] Comments on draft-lazanski-consolidation
X-BeenThere: architecture-discuss@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: open discussion forum for long/wide-range architectural issues <architecture-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/architecture-discuss>, <mailto:architecture-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/architecture-discuss/>
List-Post: <mailto:architecture-discuss@ietf.org>
List-Help: <mailto:architecture-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/architecture-discuss>, <mailto:architecture-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Nov 2020 08:14:20 -0000
Hi Watson, > On 13 Nov 2020, at 04:00, Watson Ladd <watsonbladd@gmail.com> wrote: > > Dear all, > > As someone who works on a team that's implemented all three of the > protocols explicitly listed, it's a bit awkward for me to comment on > the draft. But comment I will. > > The brief summary is that I think this draft suffers from trying to do > too much, and if it was split up into section 5 and the rest it would > be much more convincing and productive. > > Let me note that aws-us-east-1 having a bad day shouldn't be a news > item. That alone is evidence that there is consolidation in the > provision and location of computer services. Yes. > But that doesn't really > have a lot to do with protocol changes, and there aren't many examples > of protocols changing in response to consolidation in the draft. I might put this differently. There are natural tendencies to consolidation in any market, regardless of protocols, simply because of economies of scale. But our protocols support that economic structure, and that is deeply ingrained in our culture, to the point where I often quote Mike O’Dell, a former IETF area director and an Internet pioneer: “The only real problem is scaling.” Load balancing is an absolute requirement for scale, and so SNI came to be. So we addressed that to scale, and that enabled market consolidation, because without it CDNs could not offer secure services. The same design can be seen in our mail systems. The MX record provides for all manner of scaling. And for consolidation. Gmail, the system you use, could hardly function without it. The same with short-lived TTLs. There are other examples to me that seem to me to have created consolidation due to lack of scale. For instance, NAT and private addressing limited services to be delivered from the home, and once in place, SPs built entire business models around that assumption. Some of this might change over time with IPv6, but the status quo provides for a lot of inertia. Dynamic addresses build on this. Without DHCP, it would not be scalable for SPs to rotate addresses, thereby eliminating unwanted service offerings. And then there are services that spot that, and correct for it. Whole markets built out around this need for scale that a protocol delivered. In each of these cases, the market pressure was there for work, our tradition and processes of rough consensus and running code enabled the work, and people showed up with code. > > not sure what to make of section 4.2. It discusses the end to end > principle, then says the availability of storage and computation > changes that. NFS has existed for a long time, that doesn't mean the > Internet provides storage. It means servers on the Internet provide > storage. ISPs have always consolidated traffic, at least at the > metropolitan level. They bring it to IXs or their transit links. 5G > isn't changing that. The end to end principle is a principle of > network design, and it isn't the only way to design networks: circuit > switching and store-and-forward networks didn't do it, in part due to > technical limitations. What is the edge to edge principle that this > draft refers to? > > There have always been computers on the Internet, providing services > to people. Anyone who has ssh'd into a cluster to run their codes is > using data processing over the Internet. That these services might be > anycasted or spread over multiple sites is not new. It doesn't make > the network intelligent in the way the end-to-end principle argues > against. NFS being a massive pain to handle, with all sorts of history with poor performance on WANs, kernel hangs, and all the PTSD that brought to administrators. Probably we should leave that example on the cutting room floor. On the other hand, SSH is more interesting. SSH has no key management system to speak of, which is why attacking key servers led to a fundamental failure. This is particularly ironic, given how it was billed initially as a web of trust. You see no formal consolidation there, but nevertheless there was a fail. Conversely and perhaps worth study, you don’t see quite that same sort of failure with X.509 certs, even though there is consolidation in the browser market. There are huge numbers of CAs in browser stores. What would happen if those policies got too restrictive? What are the economic incentives in play? > > All of this change doesn't involve new protocols. > > And then the draft discusses ECH, DoH, Privacy Pass as protocols that > could lead to further consolidation. DoH has been discussed > considerably in a variety of fora: I'll simply note that you can pick > your resolver with DNS over UDP as well, and it's not really a > protocol level issue how it was deployed, which the draft > acknowledges. "Centralized" resolvers like 8.8.8.8 existed before DoH. Users choosing DNS servers is a rarity. The only real question is who else chooses. Is it the service provider, the home router vendor, or the browser? By creating DoH, browsers have challenged the other two. We ought not deny that reality. However, I also don’t think we should replay good/bad here. To me, the draft needs to also look at malware and how consolidation helps/hurts. I think it’s also probably worth while to look at the recent O365 downtime, how two-sided markets can hurt scale and stability, what what standards’ role are to prevent that risk. Eliot
- [arch-d] Comments on draft-lazanski-consolidation Watson Ladd
- Re: [arch-d] Comments on draft-lazanski-consolida… Christian Huitema
- Re: [arch-d] Comments on draft-lazanski-consolida… Eliot Lear