Addressing the Needs of Corporate Networks
By Robert Moskowitz

A long-anticipated event is finally under way on corporate LANs. Little causeways are being built between these LANs, and a few select users are sending packets across these causeways to servers on the other side. Regardless of why these causeways are being built--for private circuits, VPNs (virtual private networks) or plain public pathways--some interesting challenges have emerged.

Perhaps the most important near-term challenge is how we will bridge our balkanized Internet. We need to support end-to-end connectivity between our corporate LANs when we no longer have unique IP addresses. Our kludged world of NAT (network address translation) and firewalls is only leading us further away from our business goals of direct interaction. It is time to discard them and focus on how to function without these barriers.
From the birth of the Internet, there has been a steady drift of services to the core of the Internet, rendering the hosts more dependent on infrastructure services. Until the early 1990s, none of these services directly broke the end-to-end model. However, at this time, Dr. David Clark of MIT--recognized by the IETF as one of its key architects--warned of the impending balkanization of the Internet. He saw two closely related processes threatening the simplicity of the end-to-end model. The first process was the growing deployment of firewalls to limit interaction between systems in separate administration domains. The second was the tightening of IP address assignment, resulting in many companies taking whatever addresses they chose. Companies were picking addresses without trying for an address assignment from IANA (Internet Assigned Numbers Authority), and were using application-level gateways (this was before NATs). This balkanization was cemented with the publication of RFC 1597 (Address Allocation for Private Internets, updated in RFC 1918).

Today, businesses have been forced out of the end-to-end model. The border system must perform a number of mediation services so that a host in one business can interact with a server in another business. This is never as easy as it looks to the end user. Security services also have been affected by the loss of end-to-end connectivity. Security must be delivered at the application level, requiring security awareness on the part of each application rather than the system. Some businesses are starting to understand what this means in terms of the extra work involved in delivering business-class processes. Firewalls and NATs are nothing but impediments to business-class intercompany processes, and we need to find ways to return to the end-to-end model.

The IETF took Dr. Clark's balkanization warning seriously. The rapid consumption of IP addresses and the explosive growth in the Internet routing tables produced one working group after another, culminating in the specification of IPv6 in 1995. The IETF's expectation was that deployment of IPv6 would begin in late 1997. There are many reasons why this hasn't happened, and now most observers say we have another two to three years before IPv6 is significantly deployed.
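The mechanism behind the "balkanization" the article describes is concrete: once two companies have each taken addresses from the RFC 1918 private ranges, the same address can exist on both sides of a causeway, so packets crossing it are ambiguous and a NAT or application-level gateway has to mediate. The following is an added example, not code from the article or its author; it uses Python's standard ipaddress module to classify addresses against the three RFC 1918 blocks and to find overlapping subnets between two sites. The site subnets are constructed for illustration and are not real company allocations.

```python
"""Added example: why RFC 1918 addressing forces mediation on inter-company links.

Two sites that each chose addresses from the private ranges may collide.
Any overlapping subnet pair means hosts on both sides can share an address,
so direct end-to-end routing across a private circuit or VPN is impossible
without NAT or an application-level gateway. Sample subnets are constructed.
"""
from ipaddress import ip_address, ip_network
from typing import List, Tuple

# The three RFC 1918 blocks (successor to RFC 1597, as the article notes).
RFC1918_BLOCKS = (
    ip_network("10.0.0.0/8"),
    ip_network("172.16.0.0/12"),
    ip_network("192.168.0.0/16"),
)

# Constructed sample allocations for two hypothetical companies.
SITE_A = ["10.1.0.0/16", "192.168.10.0/24"]
SITE_B = ["10.1.5.0/24", "172.16.0.0/20"]


def is_private_rfc1918(addr: str) -> bool:
    """True if addr falls inside one of the RFC 1918 private blocks."""
    a = ip_address(addr)
    return any(a in block for block in RFC1918_BLOCKS)


def address_collisions(site_a: List[str], site_b: List[str]) -> List[Tuple[str, str]]:
    """Return every (subnet_a, subnet_b) pair whose address ranges overlap.

    Each pair is a place where a host on site A and a host on site B can
    carry the same address, which is exactly what breaks the end-to-end model
    when the two LANs are joined.
    """
    nets_a = [ip_network(n) for n in site_a]
    nets_b = [ip_network(n) for n in site_b]
    return [(str(a), str(b)) for a in nets_a for b in nets_b if a.overlaps(b)]


def needs_mediation(site_a: List[str], site_b: List[str]) -> bool:
    """A causeway between the sites needs NAT or an ALG if any subnet collides."""
    return bool(address_collisions(site_a, site_b))


if __name__ == "__main__":
    for pair in address_collisions(SITE_A, SITE_B):
        print("overlap between", pair[0], "and", pair[1])
    print("mediation required:", needs_mediation(SITE_A, SITE_B))
```

With the constructed allocations, 10.1.0.0/16 on site A contains site B's 10.1.5.0/24, so a host such as 10.1.5.7 could exist on both sides; that single overlap is enough to require translation at the border, which is the "mediation service" the article complains about.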
The End-to-End Internet Model

Internet designers are adamant about keeping their designs simple. One of their guiding principles in maintaining simplicity is the end-to-end model, which specifies that any host can directly access any other host with minimal intervening services. The motto has been, "Put the intelligence in the host, not the network."