nanog mailing list archives

Re: ip-precedence for management traffic


From: Steven Bellovin <smb () cs columbia edu>
Date: Tue, 29 Dec 2009 10:08:54 -0500


On Dec 29, 2009, at 9:29 AM, Sachs, Marcus Hans (Marc) wrote:

> Totally out of the box, but here goes:  why don't we run the entire Internet management plane "out of band" so that 
> customers have minimal ability to interact with routing updates, layer 3/4 protocols, DNS, etc.?  I don't mean 100% 
> exclusion for all customers, but for the average Joe-customer (residential, business, etc., not the researcher, 
> network operator, or clueful content provider) do they really need to have full access to the Internet mechanisms 
> (routing, naming, numbering, etc.)?
> 
> We already provide lots of proxy services for end users, so why not finish the job and move all of the management 
> mechanisms out of plain sight?

I hope you're joking.  If not, I have two questions: how can this be done, and what will the side-effects be?

Take BGP, for example.  The average residential consumer doesn't need BGP, doesn't speak it, and has no real ability to 
interfere with it, so there's no problem.  But a multihomed customer *must* speak it.  Perhaps you could assert that 
their ISPs should announce it -- but why trust random ISPs?  Is that ISP 12 hops away from you trustworthy, or a front 
for the Elbonian Business Network?

As for side-effects -- how can you proxy everything?  Do you know every application your customers are running?  Must 
someone who invents a new app first develop a proxy and persuade every ISP that it's safe, secure, high-enough 
performance, and worth their while to run?  It's worth remembering that most of the innovative applications have come 
from folks whom no one had ever heard of.

                --Steve Bellovin, http://www.cs.columbia.edu/~smb
