Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Loose Source Routing

  • From: smd
  • Date: Tue Mar 06 21:44:36 2001

Jared Mauch writes:

| 	The reason to permit this is to verify peering policy.  This
| allows people to traceroute to verify packet path.  Example:
| I announce only.  I want to verify that you are not
| pointing default at me, so I can do a loose source 
| traceroute to via the peering point.

Yes, this is one use of LSRR, but this can be accomplished through
a standard looking-glass, also, which in my opinion is a much better
requirement of one's potential peers (and suppliers).

The major cost to LSRR is not in security (LSRR doesn't open any new
attacks, it just makes some that require handshaking easier, when
IP addresses are used as "authentication"), but rather in slow-path
performance in some types of router/software combinations.

LSRR is a phenomenally useful feature that simply was never
popularized at the client level; few people used the 
"telnet @gateway1@gateway2:destination" syntax in those telnets
that supported LSRR, and nearly no other clients offered any
way to construct LSRR, pace traceroute and some pings.

As a result, barely any effort goes into LSRR support in intermediate
systems (routers, gateways, NATs, you name it) -- vicious circle.

SSRR is even less well known/supported in the network.  On the
other hand, haha, that's what we have MPLS for (puke puke puke).

There is an important lesson here for people who suggest that route
optimization policy should be done on hosts rather than in the network.


Discussion Communities

About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home

Merit Network, Inc.