On 11/12/24 14:41, James Knott wrote:
On 11/12/24 17:26, Lew Wolfgang wrote:
I don't think I was being clear enough.  With SNI the DNS system functions
sort of as a router in the Internet as it has developed.  Permit me to
include below part of the write up by Geoff Huston, Chief Scientist at
APNIC.

All a DNS server does is provide an address to a host name and often a host name to an address.  That's it.  With SNI, the destination host name is extracted from the packet to decide what to do with the packet.  This could mean deciding which virtual server to use on a physical server or, if in a router, to look up the destination.

The non-natted destination server is responsible for extracting the service
names.  Routers only need to look at the IP addresses as usual.

The problem with NAT is multiple devices are hiding behind a single public address.  In this context, the router is using that host name to decide where to send the packet.  In this instance, the DNS was used to find the public address, not to decide what to do when the packet hits the router.  The router will then have to examine all incoming packets, to determine what the local destination is, using either a hosts file or local DNS.  Once again, a router should not be doing that.  It's supposed to route solely on the IP address.

In our CDN oriented Internet, public-facing servers aren't on natted
networks.  It's the clients that are on natted networks.  So the routers
operate as usual.  CIDR helps to increase the number of publicly reachable
servers, SNI increases the number of applications that can be supported
by the CIDR addresses, and NAT increases the number of clients that
can reach the CIDR/SNI servers.  All without increasing the load on routers.
With IPv4 the number of available names is virtually infinite and the number
of nested natted clients is virtually infinite, so the main rationale for IPv6
is then moot for this use case.  If your use case requires true point-to-point,
then IPv6 is your ticket.


My understanding is the original purpose of SNI was the virtual server situation, not routing.  Regardless, DNS has nothing to do with routing.

From the article:
"It’s the DNS that increasingly is used to steer
users to the ‘best’ service delivery point for content or service."

That's the point I was trying to make.


With large servers, such as Google, etc., the servers are distributed over an area.  The DNS can be used to determine the appropriate destination server for a user, depending on their location.  The steering mentioned in the article simply means providing the IP address of the nearest, or otherwise best, server.  Then the routers can do their work to get there.


Regards,
Lew