|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: SYN floods continue
Vern Paxson <[email protected]> wrote: >In my Internet end-to-end routing study I found that fully 50% of the pairs >of paths through the Internet had a major asymmetry at the end of 1995. Sure, but where the asymmetry is? Certainly not on tail circuits of single-homed customers :) Moreover, multi-homed non-transit networks still announce all routes to all places; i.e. the filtering i was talking about will still work. It breaks on transit networks, i.e. the backbones; but people who run backbones are presumeably clueful enough to disable the filtering on backbone links, and leave it on on customer tail links. >"Major" meaning: visited at least one different city in the two directions. >(30% visited at least one different AS.) This was a significant increase >over the same figure for the end of 1994, 30%. So it may be quite hard to >make and keep Internet routing symmetric. Routing *must* be symmetrical within IGP only networks if metrics in different directions are symmetrical. When the packets leave the routing domain, that's another story. Again, the rule is "dont accept packets from an interface if there's no route for their source addresses pointing back to the same interface". Note that that route does not have to be the best one -- just that the router gets it from somewhere. --vadim - - - - - - - - - - - - - - - - -
|