North American Network Operators Group


Re: Loose Source Routing

  • From: Vadim Antonov
  • Date: Tue Mar 06 23:48:50 2001

Hosts cannot and should not do route optimization since it requires the
knowledge of global network topology.  BGP to every host?  Nyet!

Now, LSRR is _expensive_.  Modern routers handle packets with options in
hardware, and doing IP options in hardware is not cheap.

(BTW, what other options are actually used? :)  IMO, prohibiting IP
options altogether would be a good idea (and don't ask me about
fragmentation).

As for debugging routing - isn't it much better to ask OFRVs to add
remotely accessible traceroute servers to their boxes? There is no
engineering or economic justification for diagnostic functionality like
LSRR to stay anywhere close to the fast packet path.

--vadim

Brought to you by the Society For Non-Perpetuation Of Old Kludges and
The K.I.S.S. Coalition.

Next topic on agenda - "Do We Really Need Fragmentation In Backbones?"


On Tue, 6 Mar 2001 [email protected] wrote:
> 
> Jared Mauch writes:
> 
> | 	The reason to permit this is to verify peering policy.  This
> | allows people to traceroute to verify packet path.  Example:
> | I announce 172.16.0.0/16 only.  I want to verify that you are not
> | pointing default at me, so I can do a loose source 
> | traceroute to 10.0.0.0 via the peering point.
> 
> Yes, this is one use of LSRR, but this can be accomplished through
> a standard looking-glass, also, which in my opinion is a much better
> requirement of one's potential peers (and suppliers).
> 
> The major cost to LSRR is not in security (LSRR doesn't open any new
> attacks, it just makes some that require handshaking easier, when
> IP addresses are used as "authentication"), but rather in slow-path
> performance in some types of router/software combinations.
> 
> LSRR is a phenomenally useful feature that simply was never
> popularized at the client level; few people used the 
> "telnet @[email protected]:destination" syntax in those telnets
> that supported LSRR, and nearly no other clients offered any
> way to construct LSRR, pace traceroute and some pings.
> 
> As a result, barely any effort goes into LSRR support in intermediate
> systems (routers, gateways, NATs, you name it) -- vicious circle.
> 
> SSRR is even less well known/supported in the network.  On the
> other hand, haha, that's what we have MPLS for (puke puke puke).
> 
> There is an important lesson here for people who suggest that route
> optimization policy should be done on hosts rather than in the network.
> 
> 	Sean.
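
Added example, not part of the original messages: the check a filter or sensor performs to recognise the source-routed packets discussed in this thread, walking the IPv4 option list (RFC 791) and reporting any LSRR or SSRR hops. The `build_header` helper and all addresses are constructed for the illustration.

```python
import ipaddress
import struct

EOL, NOP, LSRR, SSRR = 0x00, 0x01, 0x83, 0x89   # IPv4 option types (RFC 791)

def ipv4_options(header: bytes):
    """Yield (type, data) per option; raise ValueError on a malformed header."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (header[0] & 0x0F) * 4                 # header length in bytes
    if ihl < 20 or ihl > len(header):
        raise ValueError("bad IHL")
    opts, i = header[20:ihl], 0
    while i < len(opts):
        kind = opts[i]
        if kind == EOL:                          # end of option list
            return
        if kind == NOP:                          # single-byte padding
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("bad option length")
        yield kind, opts[i + 2:i + opts[i + 1]]
        i += opts[i + 1]

def source_route(header: bytes):
    """Return ("LSRR" | "SSRR", [hop, ...]) if a source route is present, else None."""
    for kind, data in ipv4_options(header):
        if kind in (LSRR, SSRR):
            addrs = data[1:]                     # data[0] is the route pointer
            hops = [str(ipaddress.IPv4Address(addrs[j:j + 4]))
                    for j in range(0, len(addrs), 4)]
            return ("LSRR" if kind == LSRR else "SSRR"), hops
    return None

def build_header(options: bytes = b"") -> bytes:
    """Constructed sample header; the checksum is left 0 and is not validated."""
    options += bytes(-len(options) % 4)          # pad with EOL to a 32-bit boundary
    return struct.pack("!BBHHHBBH4s4s", 0x40 | (5 + len(options) // 4), 0,
                       20 + len(options), 0, 0, 64, 1, 0,
                       ipaddress.IPv4Address("192.0.2.1").packed,
                       ipaddress.IPv4Address("198.51.100.7").packed) + options

if __name__ == "__main__":
    lsrr = bytes([NOP, LSRR, 7, 4]) + ipaddress.IPv4Address("203.0.113.1").packed
    print(source_route(build_header(lsrr)))      # packet with one loose hop
    print(source_route(build_header()))          # packet with no options
```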