The End-To-End Internet (was Re: Blocking MX query)
- Subject: The End-To-End Internet (was Re: Blocking MX query)
- From: trejrco at gmail.com (TJ)
- Date: Fri, 7 Sep 2012 13:45:50 -0400
- In-reply-to: <CAP-guGU0QgL2=HPnLY3qwwCh3fD=WT790iGkdZTHB7cANJaRqQ@mail.gmail.com>
- References: <[email protected]> <[email protected]> <CAP-guGU0QgL2=HPnLY3qwwCh3fD=WT790iGkdZTHB7cANJaRqQ@mail.gmail.com>
On Tue, Sep 4, 2012 at 3:45 PM, William Herrin <bill at herrin.us> wrote:
> On Tue, Sep 4, 2012 at 2:22 PM, Jay Ashworth <jra at baylink.com> wrote:
> > It is regularly alleged, on this mailing list, that NAT is bad *because it
> > violates the end-to-end principle of the Internet*, where each host is a
> > full-fledged host, able to connect to any other host to perform transactions.
>
> That's what firewalls *are for* Jay. They intentionally break
> end-to-end for communications classified by the network owner as
> undesirable. Whether a particular firewall employs NAT or not is
> largely beside the point here. Either way, the firewall is *supposed*
> to break some of the end to end communication paths.
>
Exactly - talking about a *(subtle?)* difference here.
1) Breaking the E2E model because your security policy (effectively)
dictates it. For the record, this is fine as it is your decision for your
network.
2) Being forced to break that model by deficiencies in the underlying
protocol/address-family. This is, shall we say, sub-optimal.
/TJ