Hi Noel,

On Tue, Jan 26, 2010 at 6:34 AM, Noel Chiappa <j...@mercury.lcs.mit.edu> wrote:
>     > From: Patrick Frejborg <pfrejb...@gmail.com>
>
> I should first point out that my original response was in response to, and in
> the context of, your comment:
>
>     >>> I believe that the Trojan Horse is called MPTCP
>
> and my observations were specifically questions about MPTCP (and let me
> repeat by reference my previous comments about how MPTCP is great for its
> core designed functionality, and so I hope it is a success, but it does not
> solve all problems).
>
Very true, MPTCP alone doesn't solve all problems - we need a bunch of tools to solve this issue, including LISP (or similar).

>     > I think an enterprise should have PI-addresses always, PA-addresses are
>     > for residential users.
>
> OK, I'll bite. I couldn't quickly find data on the number of companies in the
> world, but there are something like 2.5 million companies with 5 or more
> employees in the US. Since the EU has more people than the US, and China and
> India each have more people than that (although are less economically
> developed), there are probably something like 10 million non-trivial companies
> worldwide. Are you really proposing dumping 10 million PI entries into the DFZ?
>

Ah, nope - not into the DFZ, never. In the future core-edge split architecture the enterprise can have PI-addresses but in the current architecture the usage of PI addresses should be minimized. If the future core-edge split architecture encourages the usage of PI addresses, that would be a carrot for the enterprises to migrate, wouldn't it?

>     > [is] a CES solution is only aimed for multi-homed solutions only?
>
> Depends on the particular CES solution, I would think.
>
>
>     > the problem is, when is a site becoming a LCP site, it is event driven,
>     > isn't it? Anytime there is something happening that passes the news
>     > threshold some servers are starting to get hits, depending upon the
>     > nature of the news.
>
> Sure, and sometimes a site melts down because it doesn't have enough server
> capacity, or enough bandwidth, or whatever. Sites not coping well with massive
> increases in traffic volumes is, I would imagine, not uncommon, and it
> manifests itself in a number of ways - some of which are not easily
> ameliorated (e.g. going from a single-server system to a server cluster).
>

True, but if we are aware of this issue in the design phase we should find a way around it, at least try - otherwise we are not doing a proper job.

-- patte

>     > the returning traffic doesn't need to be looked up by a mapping solution,
>     > it is populated by the initiating traffic
>
> The simplistic versions of this tactic can lead to DoS attacks and/or traffic
> hijacking. If you want to avoid a lookup in the return direction, you have to
> authenticate 'unsolicited' bindings.
>
>     Noel
>
_______________________________________________
rrg mailing list
rrg@irtf.org
http://www.irtf.org/mailman/listinfo/rrg