Date: Fri, 22 Nov 2002 15:40:49 -0800
From: Terry Lambert <tlambert2@mindspring.com>
To: Nate Lawson <nate@root.org>
Cc: hackers@freebsd.org
Subject: Re: Changing socket buffer timeout to a u_long?
Message-ID: <3DDEC081.D5A78DEF@mindspring.com>
References: <Pine.BSF.4.21.0211221057170.71270-100000@root.org>

Nate Lawson wrote:
> As a member of the e2e camp, I'd say that any device which is looking at
> sequence space is implicitly an endpoint and has to accept the processing
> limitations as such. MITM devices (load balancers, firewalls, etc.) are
> IMO a poor workaround for the fact that most endpoints have a closed OS
> with weak software management tools. Every endpoint should have MAC
> capability with per-application filters on network traffic and single
> system image features for load balancing. Add in robust management tools
> and you get all the features of network devices without MITM. This is the
> direction I hope FreeBSD continues in.

The main problem is things like third party web-enabled applications
that are not built on an anonymous work-to-do model, and/or are not
capable of sharing session state across multiple instantiations.

Nothing you do to the OS is going to enable a local "shopping cart"
cookie, for example, to look up the "shopping cart" contents on one
web server, if the cookie was issued by another. Neither is an SSL
session going to be transferrable between back-end servers, since the
session is persistent across requests.

Load balancers and other "MITM" devices are just something you are
going to have to live with. 8-).

-- Terry