hardie
commented
3 years ago Melinda Shore commented almost a dozen years ago that "the Internet has become a field into which tunnels are dug". So this phenomenon isn't actually all that new. Those tunnels were primarily about creating limited-reachability overlays. Often that meant that the final destination of a flow was hidden within an encapsulation. That meant that the base routing system was only part of the reachability story and part of the path optimization story. (Think of all the times a VPN goes to a ULA-addressed or RFC 1918 enterprise network--the routers along the path never know of the ULA and can't do shortest-path or any other optimization for it). That history includes a bunch of issues that are touched on in https://www.iab.org/wp-content/IAB-uploads/2014/12/semi2015_black.pdf and later RFC 8085.
But I think we are moving into an era where it both becomes the effective default and into an era where even the state mechanics of the encapsulation aren't visible. When something is 10% of the traffic, you can handle the overhead of managing it with spare capacity or slow-path analysis. That ceases to work when it is 90% and/or when the slow path analysis has to store a packet train to get useful data.
mirjak
jariarkko
Do we end up with trusted paths through nodes (like Masque proxies) that allow clients to choose encrypted trusted paths, all over the basic "invisible" internet that no longer sees or intercepts raw traffic.