By Robert Moskowitz
A long-anticipated event is finally under way on corporate LANs. Little causeways are being built between these LANs, and a few select users are sending packets across these causeways to servers on the other side. Regardless of why these causeways are being built--for private circuits, VPNs (virtual private networks) or plain public pathways--some interesting challenges have emerged. Perhaps the most important near-term challenge is how we will bridge our balkanized Internet. We need to support end-to-end connectivity between our corporate LANs when we no longer have unique IP addresses. Our kludged world of NAT (network address translation) and firewalls is only leading us further away from our business goals of direct interaction. It is time to discard them and focus on how to function without these barriers.
 The End-to-End Internet Model Internet designers are adamant about keeping their designs simple. One of their guiding principles in maintaining simplicity is the end-to-end model, which specifies that any host can directly access any other host with minimal intervening services. The motto has been, "Put the intelligence in the host, not the network."
From the birth of the Internet, there has been a steady drift of services to the core of the Internet, rendering the hosts more dependent on infrastructure services. Until the early 1990s, none of these services directly broke the end-to-end model. However, at this time, Dr. David Clark of MIT--recognized by the IETF as one of its key architects--warned of the impending balkanization of the Internet. He saw two closely related processes threatening the simplicity of the end-to-end model.
The first process was the growing deployment of firewalls to limit interaction between systems in separate administration domains. The second was the tightening of IP address assignment, resulting in many companies taking whatever addresses they chose. Companies were picking addresses without trying for an address assignment from IANA (Internet Assigned Numbers Authority), and were using application-level gateways (this was before NATs). This balkanization became set with the publication of RFC 1597 (Address Allocation for Private Internets, updated in RFC 1918).
Today, businesses have been forced out of the end-to-end model. The border system must perform a number of mediation services so that a host in one business can interact with a server in another business. This is never as easy as it looks to the end user. Security services also have been affected by the loss of end-to-end connectivity. Security must be delivered at the application level, requiring security awareness on behalf of each application, rather than the system. Some businesses are starting to understand what this means in terms of extra work in delivering business-class processes. Firewalls and NATs are nothing but impediments to business-class intercompany processes, and we need to find ways to return to the end-to-end model.
The IETF took Dr. Clark's balkanization warning seriously. The rapid consumption of IP addresses and the explosive growth in the Internet routing tables produced one working group after another, culminating in the specification of IPv6 in 1995. The IETF's expectation was that deployment of IPv6 would begin in late 1997. There are many reasons why this hasn't happened, and now most observers say we have another two to three years before IPv6 is significantly deployed.
|
|
|
|
Related Links
Ask Yourself: In Whom Can You Really Trust?
June 15, 1998
Technology And Trust: The Final Analysis
July 15, 1998
We Pick Up The Weight Of The Unix World
August 1, 1998
Virtual Private Networks For Sale
August 15, 1998
Keeping Your Internet Investment Safe
September 15, 1998
Other Columnists
Net Results
By Dave Molta
On The Edge
By Art Wittmann
Company
Directoryto browse our data, starting with a particular company.
Network Computing Linksallows you to request additional product information from our advertisers.
 Print This Page
 E-mail this URL
|
REPORTS
ANALYTICS
Follow 
