Re: tuba and interworking
Robert L Ullmann <ULLMANN@process.com> Thu, 10 June 1993 18:49 UTC
Received: from ietf.nri.reston.va.us by IETF.CNRI.Reston.VA.US id aa08581; 10 Jun 93 14:49 EDT
Received: from CNRI.RESTON.VA.US by IETF.CNRI.Reston.VA.US id aa08576; 10 Jun 93 14:49 EDT
Received: from p.lanl.gov by CNRI.Reston.VA.US id aa19180; 10 Jun 93 14:48 EDT
Received: from noc-gw.lanl.gov by p.lanl.gov (5.65/1.14) id AA23484; Thu, 10 Jun 93 12:42:46 -0600
Received: by noc-gw.lanl.gov (4.1/SMI-4.1) id AA05434; Thu, 10 Jun 93 12:41:47 MDT
Return-Path: <ULLMANN@PROCESS.COM>
Received: from p.lanl.gov by noc-gw.lanl.gov (4.1/SMI-4.1) id AA05430; Thu, 10 Jun 93 12:41:46 MDT
Received: from sirius.process.com by p.lanl.gov (5.65/1.14) id AA23440; Thu, 10 Jun 93 12:41:42 -0600
Message-Id: <9306101841.AA23440@p.lanl.gov>
Date: Thu, 10 Jun 1993 14:39:00 -0400
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: Robert L Ullmann <ULLMANN@process.com>
To: rcallon@wellfleet.com
Cc: tuba@lanl.gov
Subject: Re: tuba and interworking
Hi, I'd like to highlight some of the other issues with using DNS for an address translation mechanism; Ross has covered the most serious performance related issue. I'm not bashing DNS or the translation idea here; just pointing out things to look at. Remember that DNS is not a general purpose distributed database. In particular, the uses of it are in a restricted class: 1) they are ephemeral, ths DNS translation being repeated for each use. (subject to "peeking" at TTL and caching the result for TTL) 2) they are robust in the face of incompletely distributed information; if two servers give two different answers, that doesn't matter 3) they are at application layer (1) In the use of the DNS for (say) mail forwarding, the mailer translates name->MX->name->A and runs one transaction, discarding the temporary information. In point: the result of the translation is not reflected in the mail message. (Yes, in the trace, but that isn't used by automatic mechanism later.) Digression: I was involved in the "debate" over how to do Internet<-->X.400 mail address translation some years ago, arguing for an algorithmic translation. I was "shouted down" when pointing this out. The others glibly invoked the idea "when the table gets too big, we'll just use DNS" (which they are now doing, or trying to do.) The problem is that the translation gets recorded in the various addresses in a mail message, which can then retain that state (whilst sitting in someone's mailbox) for an arbitrary amount of time. The use is, therefore, clearly outside the DNS architecture. One might choose to change the architecture model, but that should be done _willfully_, not by unintentional side-effect, and the new model must be then used to design in the requisite features in the implementation. (Irrevocable records? ;-) To return to N-layer: one must ask what the effects of retained state are. For example, what happens to TCP connections, NTP peer relationships, etc. when the translation changes out from under them. 2) Along similar lines: if a name->A translation is done (as now), for a TCP connection, the result is used for as long as the connection is open. As long as the actual address of the host does not change, it does not matter that other copies of the zone held by other servers (and various caches) may have different, possibly non-intersecting, sets of addresses for the same host. (cf IPv7-TP/IX sect 9.1) 3) Note that DNS servers are often set up in the target domain, with the appropriate glue records. The presumption (if this is thought about at all :-) is that if the target domain is unreachable, you don't need the MX, A, etc information anyway. But what if the target domain is unreachable because the domain servers are unreachable because the target domain is unreachable? Before you say: "that's okay, just make sure one of your servers is (way) outside your domain", think about a transiently-isolated AS, that has recovered its link-layer connections to the outside world, and is trying to bring up N-layer. Under load. Without access to any external domain servers. (And cf RFC1183 sect 3, and ask yourself what deployment problems might have come up with the records described. Also see RFC1383 (which seems to have been written without knowledge of 1183 ;-) for more discussion.) --- Just to think about ... --- For all these reasons, TP/IX-IPv7 was designed to use a fixed, static translation algorithm, with one local parameter. (Maybe per-IF, on an AD border router) Best Regards, Robert
- tuba and interworking Victor Reijs
- Re: tuba and interworking Francis Dupont
- Re: tuba and interworking Ross Callon
- Re: tuba and interworking Francis Dupont
- Re: tuba and interworking Olav.Kvittem
- Re: tuba and interworking Ross Callon
- Re: tuba and interworking Robert L Ullmann
- Re: tuba and interworking Francis Dupont
- Re: tuba and interworking Ross Callon
- tuba and interworking Victor Reijs
- Re: tuba and interworking Francis Dupont