[rrg] Name-based API, was: Re: presentation/discussion list

Iljitsch van Beijnum iljitsch at muada.com
Thu Nov 20 20:15:35 PST 2008


On 20 nov 2008, at 14:38, William Herrin wrote:

> I can sum up the single most significant obstruction to renumbering in
> four words: get host by name.

> So long as developers have a standard API for mapping names to
> addresses which fails to propagate the duration of validity, app
> developers will use the API and renumbering will remain a severe
> operational drag.

I don't think the mere fact that applications must do the name to
address lookup and then hand the address to the network stack makes
renumbering harder.

That is, unless you mean renumbering IP versions.

In the plenary, Dave Thaler mentioned the problem that many
applications work with addresses where they should work with names.
There is of course a laziness and shortsightedness component to that,
but I believe that in most cases this is because the existing name
resolution systems fail to meet the needs of the application writers
or operators. Let me name a few issues.

The DNS is fairly slow. Looking up an address can take a few hundred
milliseconds.

The DNS is somewhat unreliable. Under normal circumstances, it doesn't
fail too often, but it's not too hard to create circumstances where
DNS lookups fail to work.

The caching is braindead. If the TTL is 24 hours, then this means you
could have wrong information for 23:59:59. It also means that at
23:59:59 something may work fine, and at 24:00:01 it doesn't work at
all. This is especially true when the source and destination can reach
each other but part of the delegation hierarchy has become unreachable.

Although the DNS and (multicast) DNS service discovery can provide
port numbers, applications generally don't look for them, limiting the
usefulness in cases where port numbers are needed in addition to
addresses.

Dynamic DNS allows hosts to register their address in the DNS, but
this requires the availability of a server and a domain name, as well
as significant coordination for security. Many end-users simply don't
have a domain name or a server that can host the dynamic zone.

Interestingly, peer-to-peer applications spend a lot of complexity on
a name to address mapping mechanism that doesn't require hierarchical
delegations or long-term reachable servers.

If we are serious about moving away from addresses in favor of names
to make renumbering, and therefore multihoming and mobility, easier,
we need to address these issues.

Especially if we want people to create firewall rules based on names,
all of this has to have very high reliability, performance and security.
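Added illustration, not part of the original message: a minimal parser for a DNS A-record reply that keeps the TTL next to the address, which is exactly the validity information a gethostbyname-style API throws away, plus the hard expiry check that produces the 23:59:59 / 24:00:01 cliff described above. The wire bytes, the name example.com and the address 192.0.2.1 are constructed sample data.

```python
import struct
import socket

# Constructed DNS response (wire format) for an A query on "example.com":
# header, echoed question, one answer whose name is a compression pointer
# to the question name, TTL 86400 s (24 h), address 192.0.2.1.
SAMPLE_RESPONSE = (
    b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"   # id, flags, counts
    b"\x07example\x03com\x00\x00\x01\x00\x01"              # question: A IN
    b"\xc0\x0c\x00\x01\x00\x01\x00\x01\x51\x80\x00\x04"    # ptr, A, IN, TTL, rdlen
    b"\xc0\x00\x02\x01"                                    # rdata: 192.0.2.1
)

def skip_name(msg, off):
    """Return the offset just past the (possibly compressed) name at off."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:      # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + length

def parse_a_answers(msg):
    """Return [(ipv4_str, ttl_seconds), ...] for the A records in a DNS reply."""
    _id, _flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                 # skip the question section
        off = skip_name(msg, off) + 4   # QTYPE + QCLASS
    results = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:   # A record, class IN
            results.append((socket.inet_ntoa(rdata), ttl))
    return results

def resolve_with_expiry(msg, now):
    """Name-based lookup that keeps the validity window: returns
    [(address, absolute_expiry_time)] instead of bare addresses."""
    return [(addr, now + ttl) for addr, ttl in parse_a_answers(msg)]

def still_valid(entry, now):
    """True while the cached answer may be used; the cut-off at expiry is
    the 23:59:59 vs 24:00:01 behaviour of plain TTL caching."""
    _addr, expires_at = entry
    return now < expires_at
```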


More information about the rrg mailing list