Re: NAP/ISP Saturation WAS: Re: Exchanges that matter...
Tony Li wrote:
So what's the $0.02 fix for eliminating the fate-sharing between routing and payload that GGP got wrong?
Did i say anything about eliminating fate-sharing? What i said is that routing updates should not be _routable_. That means that only parties directily connected to the physical medium can be originators of updates received from that medium. It is like ARP -- you can't do anything about it until you've broken into a directly connected machine, or evaded physical security. I.e. to produce DOS attack with ARP you need to mount a lot more destructive attack first. Actually, given the simple fact that a properly implemented link keepalive protocol provides adequate discovery of link and gateway failures, it is not clear that sending routing updates over the same physical medium as data has any intrinsic value. Similarly, there's no reason why medium cannot be shared between network control and user traffic, as long as network control is given unconditional priority. (And, no, practially all link keepalive protocol implementations are insane; cisco's a notorious example. No flap dampening, no hold-down "blackholing" after a failure (so as not to generate route withdrawals for transient link outages), silly priority and no sub-second ping intervals, and forget about LQM). --vadim
So what's the $0.02 fix for eliminating the fate-sharing between routing and payload that GGP got wrong?
Did i say anything about eliminating fate-sharing? What i said is that routing updates should not be _routable_. Excuse me, I misunderstood. I thought you were trying to solve the DoS problem and were advocating out-of-band signaling. Actually, given the simple fact that a properly implemented link keepalive protocol provides adequate discovery of link and gateway failures, it is not clear that sending routing updates over the same physical medium as data has any intrinsic value. Agreed. However, the link keepalive must fate-share with the traffic. And that alone is sufficient to allow DoS attacks. Similarly, there's no reason why medium cannot be shared between network control and user traffic, as long as network control is given unconditional priority. Agreed, this would be the best of all worlds. Not implemented anywhere as far as I know. (And, no, practially all link keepalive protocol implementations are insane; cisco's a notorious example. No flap dampening, no hold-down "blackholing" after a failure (so as not to generate route withdrawals for transient link outages), silly priority and no sub-second ping intervals, and forget about LQM). None of these have anything to do with the link keepalive protocol and everything to do with internal link implementation. Let's not confuse the issue. Tony
participants (2)
-
Tony Li
-
Vadim Antonov