InfoWorld: Top News
Thirty years have passed since the Internet Protocol was first described in a series of technical documents written by early experimenters (http://www.potaroo.net/ietf/html/ienindex.html). Since then, countless engineers have created systems and applications that rely on IP as the communications link between people and their computers.

Here's the rub: IP has continued to evolve, but no one has been carefully documenting all of the changes.

"The IP model is not this static thing," explains Dave Thaler, a member of the Internet Architecture Board (http://www.iab.org/index.html) and a software architect for Microsoft. "It's something that has changed over the years, and it continues to change."

Thaler gave the plenary address Wednesday at a meeting of the Internet Engineering Task Force (http://www.ietf.org/), the Internet's premier standards body. Thaler's talk was adapted from a document the IAB has drafted entitled "Evolution of the IP Model" (http://www.ietf.org/internet-drafts/draft-iab-ip-model-evolution-01.txt).

"Since 1978, many applications and upper layer protocols have evolved around various assumptions that are not listed in one place, not necessarily well known, not thought about when making changes, and increasingly not even true," Thaler said. "The goal of the IAB's work is to collect the assumptions -- or increasingly myths -- in one place, to document to what extent they are true, and to provide some guidance to the community."

The following list of myths about how the Internet works is adapted from Thaler's talk (http://www.ietf.org/proceedings/08nov/slides/plenaryw-1.pdf):

1. If I can reach you, you can reach me.
Thaler dubs this myth "reachability is symmetric," and says many Internet applications assume that if Host A can contact Host B, then the opposite must be true. Applications rely on this assumption when they use request-response or callback patterns. The assumption isn't always true because middleboxes such as network address translators (NATs) and firewalls get in the way of IP communications, and it doesn't always hold on 802.11 wireless LANs or satellite links.
2. If I can reach you, and you can reach her, then I can reach her.
Thaler calls this theory "reachability is transitive," and says it is applied when applications do referrals. Like the first myth, this assumption isn't always true today because of middleboxes such as NATs and firewalls, as well as on 802.11 wireless and satellite links.

3. Multicast always works.
Multicast lets a sender transmit to many systems simultaneously, as long as the receivers indicate they can accept the communication. Many applications assume multicast works on all types of links. That isn't always true on 802.11 wireless LANs or across tunneling mechanisms such as Teredo or 6to4.

4. The time it takes to initiate communications between two systems is what you'll see throughout the communication.
Thaler says many applications assume that the end-to-end delay of the first packet sent to a destination is typical of what will be experienced afterwards. For example, many applications ping several servers and select the one that responds first. However, the first packet may carry additional latency because of the look-ups it triggers, so applications relying on this assumption may choose longer paths and end up with slower response times. Increasingly, protocols such as Mobile IPv6 and Protocol Independent Multicast send packets on one path and then switch to a shorter, faster path.

5. IP addresses rarely change.
Many applications assume that IP addresses are stable over long periods of time. These applications resolve names to addresses and then cache them without any notion of the lifetime of the name-to-address binding, Thaler says. This assumption isn't always true today because of the popularity of the Dynamic Host Configuration Protocol, as well as roaming mechanisms and wireless communications.

6. A computer has only one IP address and one interface to the network.
This is an example of an assumption that was never true to begin with, Thaler says. From the onset of the Internet, hosts could have several physical interfaces to the network, and each of those could have several logical Internet addresses. Today, computers deal with wired and wireless access, dual IPv4/IPv6 nodes and multiple IPv6 addresses on the same interface, making this assumption truly a myth.

7. If you and I have addresses in a subnet, we must be near each other.
Some applications assume that the IP address used by an application is the same as the address used for routing. An application might therefore assume that two systems on the same subnet are nearby and would do better to talk to each other than to a system far away. This assumption doesn't hold up because of tunneling and mobility. Increasingly, new applications are adopting a scheme known as an identifier/locator split, which uses one set of IP addresses to identify a system and a separate set to locate it.

8. New transport-layer protocols will work across the Internet.
IP was designed to support new transport protocols underneath it, but increasingly this isn't true, Thaler says. Most NATs and firewalls only allow Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) for transporting packets. Newer Web-based applications only operate over Hypertext Transfer Protocol (HTTP).
9. If one stream between you and me can get through, so can another one.
Some applications open multiple connections -- one for data and another for control -- between two systems. The problem is that middleboxes such as NATs and firewalls block certain ports and may not allow more than one connection. That's why applications such as File Transfer Protocol (FTP) and the Real-time Transfer Protocol (RTP) don't always work, Thaler says.

10. Internet communications are not changed in transit.
Thaler cites several assumptions about Internet security that are no longer true. One of them is that packets are unmodified in transit. While it may have been true at the dawn of the Internet, this assumption no longer holds because of NATs, firewalls, intrusion-detection systems and many other middleboxes. IPsec solves this problem by encrypting IP packets, but this security scheme isn't widely used across the Internet.

11. Internet communications are private.
Another security-related assumption Internet developers and users often make is that packets are private. Thaler says this was never true. The only way for Internet users to be sure that their communications are private is to deploy IPsec, a suite of protocols for securing IP communications by authenticating and encrypting IP packets.

12. Source addresses are not forged.
Many Internet applications assume that a packet really comes from the IP source address it carries. However, IP address spoofing has become common as a way of concealing the identity of the sender in denial-of-service and other attacks. Applications built on this assumption are vulnerable to attack, Thaler says.
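The stale-address problem behind myth 5, as an added example that is not from the article or the IAB draft: a name-to-address cache that honours record lifetimes, beside the cache-forever behaviour Thaler describes. The resolver and clock are hypothetical injected stand-ins and the addresses and timings are constructed, so the scenario runs offline.

```python
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple


@dataclass
class Answer:
    """Constructed stand-in for a DNS answer: addresses plus the record TTL in seconds."""
    addresses: List[str]
    ttl: int


@dataclass
class NameCache:
    """Name-to-address cache.
    honour_ttl=True  : entries expire when the record lifetime runs out (the fix).
    honour_ttl=False : entries are kept forever (the myth-5 behaviour).
    `resolver` and `clock` are hypothetical injected callables so the run is offline.
    """
    resolver: Callable[[str], Answer]
    clock: Callable[[], float] = time.monotonic
    honour_ttl: bool = True
    lookups: int = 0
    _entries: Dict[str, Tuple[List[str], float]] = field(default_factory=dict)

    def resolve(self, name: str) -> List[str]:
        now = self.clock()
        hit = self._entries.get(name)
        if hit is not None and (not self.honour_ttl or now < hit[1]):
            return list(hit[0])          # fresh (or never-expiring) cache entry
        answer = self.resolver(name)     # cache miss or expired: ask the resolver again
        self.lookups += 1
        self._entries[name] = (list(answer.addresses), now + answer.ttl)
        return list(answer.addresses)


def demo(honour_ttl: bool) -> Tuple[List[str], List[str], int]:
    """Constructed scenario: the host moves to a new address at t=60 s; records carry a 30 s TTL.
    Returns (address seen at t=20, address seen at t=70, number of resolver queries)."""
    state = {"t": 0.0}

    def fake_resolver(name: str) -> Answer:
        return Answer(["192.0.2.10"] if state["t"] < 60 else ["192.0.2.20"], ttl=30)

    cache = NameCache(resolver=fake_resolver, clock=lambda: state["t"], honour_ttl=honour_ttl)
    cache.resolve("app.example")           # t=0: populates the cache with 192.0.2.10
    state["t"] = 20.0
    at_20 = cache.resolve("app.example")   # within TTL: served from cache either way
    state["t"] = 70.0
    at_70 = cache.resolve("app.example")   # past TTL and past the move
    return at_20, at_70, cache.lookups
```

With honour_ttl=False the client keeps sending to 192.0.2.10 after the host has moved, which is exactly the failure that caching without a notion of lifetime produces.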
Network World (http://www.networkworld.com) is an InfoWorld affiliate.
