Hosting Provided By

Re: Another question on rfc1918

From: Bruce M Simpson <bms(at)incunabulum.net>
Date: Sat Nov 24 2007 - 15:58:05 EST

Michael Painter wrote:

> Source route allows the packets to follow a set path. It does not
> require the standard routing protocols and is thus dangerous. Source
> routing is used in a number of multicast protocols (still) and many are
> loath to disable it.

Not true. DVMRP with tunnels hasn't been used for inter-domain multicast for a long time.
Many implementations, including FreeBSD, have deprecated the use of IPIP and LSRR.

I believe most folk who are serious about inter-domain multicast are running BGP with PIM-SM and MSDP. However, this hasn't really been accessible to the individual hobbyist until now, and there are no free MSDP implementations out there that I know of.

If security is a concern, turn LSRR off on packet filtering NAT gateways, if you don't know *for sure* that the forwarding plane is smart enough to block LSRR according to a well-defined site security policy.

There are however cogent arguments for turning LSRR on in an AS's transit routers here:

http://www.gweep.net/~crimson/network/lsrr.html

regards,
BMS Received on Sat Nov 24 15:59:57 2007

Do you need help?

This message: [ Message body ]
Next message: Joel Jaeggli: "Re: unwise filtering policy from cox.net"
Previous message: ' =JeffH ': "comcast net issues in SFBay area ?"
In reply to: Michael Painter: "Another question on rfc1918"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Mar 19 2008 - 07:22:16 EDT