RE: network controls are necessary

On Mon, 9 Dec 2002, Tony Hain wrote:
> Simplifying does not always mean moving the function into the network.
> In fact that approach may make the host job more complex, because the
> network has limited knowledge.

As long as you are considering how to take a network of 100,000 hosts in a
distribution of 65% OS-A, 25% OS-B, 5% OS-C, and 5% OS-Other (comprised of
about 35 different other OS's), push this policy to them within a day or
so, and ensure that the policy will behave the same way across the 39
OS's, then I've got no problem with a fully-distributed host-based

The alternative, of course, is for the administrator to make perhaps a
couple of policy changes in a central policy database that are then
automatically utilized by those 100,000 hosts.

Either way you want to approach it, it _will_ require standards, and
better standards than the leftmost longest-bit-match that the address
selection draft provides. Whether there be a finite set of policy
capabilities a host MUST have, or whether there is a standard protocol
that allows extensibility of the policy engine (a la DNS-like operation),
we have to come up with it.

(PS - No, those aren't real numbers of operating system distribution at
any particular entity that still exists. It is, however, a representative
distribution of a technology-oriented R&D operation that has no particular
ties to anyone I'm currently affiliated with. I'm sure that some other
larger organizations have a more standardized environment, and I'm sure
some universities have a significantly more complex environment.)

> administrators of end sites that are currently multi-homed. The real
> trick is finding the people from that set who are willing to put time
> into the IETF, and who have some understanding of the range of options

The trick is finding those exact people who have the capability to give
their time. I'm so busy that I can maybe get to the discussions here once
every two weeks if I'm lucky.

> Yes we have to choose. My concern is that the vocal participants are not
> providing a balanced perspective on the cost / benefit tradeoffs. Again,
> this is not to fault anyone, just raise awareness that we need more
> participation from multi-homed host administrators.

Network administrators generally have a good view of host administration
already, at least enough to know what manpower it would take to
communicate changes, modify standard images, offer alternatives for the
non-conformists, make the change, and support the change. We all make
design decisions to change various aspects of our networks and we must
know what impact that causes to the host administrators, whether it can be
scripted or not, and the end result effort. I agree we need more of these

Craig A. Huegen, Chief Network Architect
IT Transport, Network Technology & Design
Cisco Systems, Inc., 400 East Tasman Drive
San Jose, CA 95134, (408) 526-8104
email: firstname.lastname@example.org CCIE #2100