Date:      Fri, 22 Nov 2002 16:04:06 -0800 (PST)
From:      Nate Lawson <nate@root.org>
To:        Terry Lambert <tlambert2@mindspring.com>
Cc:        hackers@freebsd.org
Subject:   Re: Changing socket buffer timeout to a u_long?
Message-ID:  <Pine.BSF.4.21.0211221559460.72334-100000@root.org>
In-Reply-To: <3DDEC081.D5A78DEF@mindspring.com>

On Fri, 22 Nov 2002, Terry Lambert wrote:
> Nate Lawson wrote:
> > As a member of the e2e camp, I'd say that any device which is looking at
> > sequence space is implicitly an endpoint and has to accept the processing
> > limitations as such.  MITM devices (load balancers, firewalls, etc.) are
> > IMO a poor workaround for the fact that most endpoints have a closed OS
> > with weak software management tools.  Every endpoint should have MAC
> > capability with per-application filters on network traffic and single
> > system image features for load balancing.  Add in robust management tools
> > and you get all the features of network devices without MITM.  This is the
> > direction I hope FreeBSD continues in.
> 
> The main problem is things like third party web-enabled applications
> that are not built on an anonymous work-to-do model, and/or are not
> capable of sharing session state across multiple instantiations.
> 
> Nothing you do to the OS is going to enable a local "shopping cart"
> cookie, for example, to look up the "shopping cart" contents on one
> web server, if the cookie was issued by another.  Neither is an SSL
> session going to be transferrable between back-end servers, since
> the session is persistent across requests.

This is orthogonal to the original discussion but if you had a single
system image, you use the OS to share state just like you share state
between multiple processes on the same machine.  The same primitives
work.  To a lesser degree, a shared directory service gives you the same
thing but requires more application support.  Finally, the most difficult
to use as an application programmer is custom, explicit sharing through
writing your own state management protocol or layering it on top of NFS or
LDAP.
 
> Load balancers and other "MITM" devices are just something you are
> going to have to live with.  8-).

Yes, but because of the reasons I mentioned before -- closed endpoints
with weak distributed application support.

-Nate

