From: "David P. Reed" <dpreed@deepplum.com>
To: starlink@lists.bufferbloat.net
Date: Sun, 16 Apr 2023 20:27:59 -0400 (EDT)
Subject: Re: [Starlink] IXPs in space
Message-ID: <1681691279.13362849@apps.rackspace.com>
David Fernandez and others here seem to have a *profound* misunderstanding of the core architecture of the Internet Protocols with respect to, say, Starlink.

I am having a hard time sitting on my hands listening to this discussion, but hey, I just was one of the few people who spent a lot of time on the IP architecture, and maybe there are new, better ideas that we somehow missed. Clearly not.

#1: There's a reason that the whole Internet is designed around "not putting extra functions" into the underlying network. It's outlined in a paper I wrote with Jerry Saltzer and David Clark, based on the work I did as part of the team that designed IP, TCP, and UDP, but abstracted as a principle of architecture. Please read the original paper carefully (and for goodness' sake don't read any of the Wikipedia pages that claim to explain the End-to-end principle or End-to-end argument; as a primary source I am actively barred from editing it, and the paper, as a primary source, is viewed as suspect by Wikipedia, because Wikipedia requires that all citations be *secondary* sources). https://web.mit.edu/Saltzer/www/publications/endtoend/endtoend.pdf

#2: DNS service doesn't specify that "geolocation" is a function of the DNS service. It is the job of the endpoint *after resolving the DNS name to one of many IP addresses* to decide which IP address to use for the DNS name. That is, "geolocation" is an endpoint function, not something that the network does by spying on packet contents and faking a response from real DNS servers.

#4: In general, IP as a protocol underlying ALL of the Internet protocols is required to deliver the content to the address specified by the sender, *without either reading or modifying the content*. There are certain cases where "masquerading" as the destination is sometimes OK, but ONLY when the sender and receiver are specifically AWARE of this interception. This is called a Man In The Middle *attack* otherwise.

#5: As a special case, some IP addresses are "anycast", which has nothing to do with DNS itself as a protocol, but instead provides some low-level "neighborhood" addressing for a class of servers. Cloudflare uses 1.1.1.1, for example, as an "anycast" address supported by the global Internet Routing architecture (BGP, for example), that can be used as a DNS caching resolver (server) address. This works because the DNS database is designed to be replicatable, so one can cache subsets of the DNS database for short durations without problems, because the servers are "loosely" replicated. But "anycast" doesn't guarantee (any more than DNS itself does) that the most up-to-date information is available at any particular anycast instance. 8.8.4.4 is another DNS anycast address of a different set of resolvers, and may be more up to date or less up to date than 1.1.1.1.

#6: The idea that one can "identify" DNS requests by snooping on layer 2 packets is so crazy it is not even wrong. Layer 2 packets have layer 2 addresses (like Ethernet addresses, e.g.). Their contents above Layer 2 cannot be decoded. My DNS requests are DNS-over-HTTPS, except within my home I cache the answers on a local server that uses DNS/UDP/IP. I certainly don't trust any Elon Musk corporation not to spy on my traffic.

#7: The general idea that one should put more function into Starlink Satellites basically will start to "fork" Starlink Enterprises (the Musk companies) as an "alternate Internet" where applications must use only the functions that Starlink supports (where other Internet providers may support broader standards or not support the special "Starlink-only" functions). This is a way to balkanize the Internet, and maybe Musk, who loves Monopoly Power after all because it makes him more Powerful, sees that as a great thing. Certainly the Chinese Communist Party is trying hard to balkanize a Chinese-only Internet, spending a lot of money to block interoperability. Musk may envy China, I don't know.
If you want a Balkanized, non-interoperable Internet, where the carriers feel free to examine all the traffic and create their own, non-interoperable protocol set, I'd suggest China might be a good place to move. Or maybe Mars?

Now what's a powerful idea in the Internet (so far) is that what prevents bad ideas like this is that the Internet interprets such stupid ideas as damage, and routes around them. But to route around them, the Internet has to be overall, *interoperable*.

There's no law, and no "cryptocurrency" like Ethereum, that prevents bad ideas that destroy interoperability in the Internet Architecture. Anyone can invent and deploy a new protocol, and you can invent new layer 2 transport technologies too. But I daresay we who built the Internet will make it very clear that anyone ought to "route around you" (including using you with a tunnel that you can't interfere with except by blocking all communications).

So, my recommendation: don't do such dumb things!