Border Gateway Protocol
There needs to be a standards compliant scheme to remove duplicate consecutive ASNs in the AS_SEQUENCE attribute, to undo the AS(s) prepended by administrative domains whom elected to manipulate the AS path. - Conversely there is not a need to remove duplicate consecutive ASNs in the AS_CONFED_SEQUENCE because that is within self-control.
More generally there has to be a way to un-mangle anything that a neighbour AS has done.
Multi-Protocol Label Switching
The motivation for MPLS was as an alternative to IP longest prefix matching for Routers, with influence from the deficiencies of Asynchronous Transfer Mode and to 'show up' The ATM Forum. Since circa 1996 label switching has become a means for an entity to provide private interconnection of another organisation's incongruent network. As of this writing MPLS does not benefit the source or destination host in the administrative domain that has deployed it.
For MPLS to be useful it must be transitive beyond an AS and the label-space needs to be globally unique and without fiscal encumbrance. [Historic recurrence: "A Framework for MPLS" draft-ietf-mpls-framework-00 (188.8.131.52 Other Label Allocation Methods, paragraph Ⅱ)]
To ensure the efficacy of MPLS the hosts would utilise source-based routing originating from the reliable flooding of a label representing the host itself and for each of its interfaces by a TLV from an equivalent of PNNI within the routing domain, for congruence these labels and the SPF graph would be conveyed via BGP between Autonomous Systems.
With my proposal there is not a need for a 'resolution protocol' as each link-label is an EUI-64, for which an IPv6 Global Unicast Address by Stateless Address Autoconfiguration can be resolved to a hardware address and vice versa. The label that the host is to use for itself is equal to the numerically-lowest of its link-labels. - This is the only instance where duplicate labels do not signify a loop in the graph; This also infers that every host along with its numerically-lowest link must appear in the SPF graph.
- Datagram service would pop each link-label on ingress and pop each host-label on egress — if the label becomes unknown the PDU is dropped.
A reliable service would keep all labels intact and would indicate whether the label is traversing in the forward or reverse direction — if a succeeding labelled-link is down an indicator bit is flipped so that the label is then delivered to the source host — if during the reverse journey the label cannot return to the preceding label the PDU is dropped. [This theory is too simplistic as there is not a means for the source host to know at which label the PDU could not proceed] The label space would need to include an additional 1 bit field for each label to indicate at which label the PDU could not proceed, alternatively there could be a 10 (sufficiently sized to accommodate the diameter of the Internet) bit field (the most significant bit is for the direction) akin to a hop limit that is decremented per label. - Both approaches can be the method of signifying that these labels are not a datagram service.
If an overlay network is desired at Open Systems Interconnection model pseudo-layer 2 ½ then we could go back to the future and deploy CLNP, with its benefits of ES-IS redirects and the need of a host to have only one address for all of its interfaces, by developing IPinCLNS.
Security Or Insecurity
Before intercepting, altering or restricting packets between End Systems, you must have consent from the user of the source address and the user of the destination address for every permutation of source to destination flow. When a user changes at either the source or destination host you must again be granted consent before intercepting, altering or restricting their first packet.
If you do not have permission from a user of either the source or destination address, the only lawful means to intercept, alter or restrict a packet is by a directive of the legislature or the judiciary executing due process in the locale that the equipment resides. - A problematic situation will ensue when your equipment and either of the users are in a jurisdiction which does not have bilateral accord with that you are compelled.
Virtual Local Area Networks
It must be by volition of the user of an End System whether and which VLANs they participate in.
IEEE 802.1Q does not include a mechanism for an Ethernet Switch to signal to a host for permission to assign a VLAN to the port that the host is attached. In the case that the VLAN tag is transitive, subsequent Switches and hosts need to be permissive of the VLANs they receive by stripping all VLAN tags on ingress and then on egress being courteous to their LAN by transmitting all frames untagged.