Message-ID: <3DDEC081.D5A78DEF@mindspring.com>
Date: Fri, 22 Nov 2002 15:40:49 -0800
From: Terry Lambert
To: Nate Lawson
Cc: hackers@freebsd.org
Subject: Re: Changing socket buffer timeout to a u_long?

Nate Lawson wrote:
> As a member of the e2e camp, I'd say that any device which is looking at
> sequence space is implicitly an endpoint and has to accept the processing
> limitations as such. MITM devices (load balancers, firewalls, etc.) are
> IMO a poor workaround for the fact that most endpoints have a closed OS
> with weak software management tools. Every endpoint should have MAC
> capability with per-application filters on network traffic and single
> system image features for load balancing. Add in robust management tools
> and you get all the features of network devices without MITM. This is the
> direction I hope FreeBSD continues in.

The main problem is things like third party web-enabled applications
that are not built on an anonymous work-to-do model, and/or are not
capable of sharing session state across multiple instantiations.

Nothing you do to the OS is going to enable a local "shopping cart"
cookie, for example, to look up the "shopping cart" contents on one
web server, if the cookie was issued by another. Neither is an SSL
session going to be transferrable between back-end servers, since the
session is persistent across requests.

Load balancers and other "MITM" devices are just something you are
going to have to live with. 8-).

-- Terry