At 00:04 13.04.2000 -0400, Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu wrote:
> On Wed, 12 Apr 2000 23:21:18 +0200, Harald Tveit Alvestrand said:
> > The source address of a datagram was an architectural mistake, and should
> > never have been in the mandatory packet format.
> OK, I'll bite - either I'm missing something, or it's 11 days past the
> traditional time for such statements. If the source address wasn't
> in the mandatory packet, what would we use for the 4-tuple identifying
> a connection?
ok :-)
that statement illustrates the reason I think so.
The source address fulfils about 4 purposes:
- the address to which a response should be sent.
For connection oriented stuff, this is part of connection establishment.
For connectionless stuff, it needs to be only in an initial fragment.
In one-way transport ("broadcast") it's not needed.
In transports with feedback on a different channel (RTP/RTSP), it's
simply the wrong address for this purpose.
In all cases, it's an application layer thing, thus placing it at the
network level is a layering violation.
- the address to which network layer error reports (ICMP) should be sent.
This is not clearly the same as the above one.
- the address of the entity which authorizes the transmission of the message
(as in "ingress filtering").
Being unprotected and guessable means that it's not a particularly well
suited identifier for this. DDOS attacks and SYN spoofs, anyone?
- a simple debugging aid for making trace logs easier to read.
This is worth 4% of our network traffic volume??????
(based on 100-byte average packet size, that's what 4 bytes amounts to)
I don't want to change it (as if I could!), my purpose was to point out
that our current network is the sum of our mistakes, not the network
equivalent of the Mount Sinai tablets.
Harald
--
Harald Tveit Alvestrand, EDB Maxware, Norway
Harald(_dot_)Alvestrand(_at_)edb(_dot_)maxware(_dot_)no
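The "ingress filtering" point in the message above (the source address is unprotected and guessable, so it is a weak authorization identifier), shown as an added example that is not part of the original thread. The code parses the source field straight out of a raw IPv4 header and applies a per-interface prefix check in the spirit of BCP 38; the interface names, the prefixes and the sample packets are all constructed here and are not from the list discussion.

```python
import ipaddress
import struct

# Hypothetical per-interface assignments, constructed for this example:
# only packets whose source lies in a prefix routed behind that interface
# are accepted on it.
INGRESS_PREFIXES = {
    "eth0": [ipaddress.ip_network("192.0.2.0/24")],
    "eth1": [ipaddress.ip_network("198.51.100.0/24"),
             ipaddress.ip_network("203.0.113.0/24")],
}


def ipv4_src_dst(packet: bytes):
    """Pull source and destination out of a raw IPv4 header.

    Returns None for anything shorter than a minimal header or whose
    version nibble is not 4; the filter treats both as 'drop'.
    """
    if len(packet) < 20:
        return None
    if packet[0] >> 4 != 4:
        return None
    src, dst = struct.unpack("!4s4s", packet[12:20])
    return ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)


def ingress_verdict(iface: str, packet: bytes) -> str:
    """Return 'accept' or 'drop' for a packet arriving on iface."""
    addrs = ipv4_src_dst(packet)
    if addrs is None:
        return "drop"
    src, _ = addrs
    if any(src in net for net in INGRESS_PREFIXES.get(iface, [])):
        return "accept"
    return "drop"


def build_ipv4_header(src: str, dst: str, proto: int = 6) -> bytes:
    """Construct a minimal 20-byte IPv4 header with the given addresses.

    The header checksum is left at zero because nothing here verifies it.
    The point is that the source field is ordinary bytes any sender can
    fill in; there is no integrity protection binding it to the sender.
    """
    version_ihl = (4 << 4) | 5        # IPv4, 5 words = 20 bytes, no options
    return struct.pack(
        "!BBHHHBBH4s4s",
        version_ihl, 0, 20,           # version/IHL, ToS, total length
        0, 0,                         # identification, flags/fragment offset
        64, proto, 0,                 # TTL, protocol, checksum (unset)
        ipaddress.IPv4Address(src).packed,
        ipaddress.IPv4Address(dst).packed,
    )


def demo():
    """Legitimate vs. forged source on the same interface."""
    legit = build_ipv4_header("192.0.2.10", "203.0.113.5")
    # Same builder, arbitrary source: nothing stops a host from doing this.
    spoofed = build_ipv4_header("10.9.8.7", "203.0.113.5")
    # A source that is valid somewhere else on the network but arrives on
    # the wrong interface; this is the classic case ingress filtering catches.
    misrouted = build_ipv4_header("198.51.100.9", "203.0.113.5")
    return (ingress_verdict("eth0", legit),
            ingress_verdict("eth0", spoofed),
            ingress_verdict("eth0", misrouted))


if __name__ == "__main__":
    print(demo())  # ('accept', 'drop', 'drop')
```

The check only works at the edge where the set of legitimate source prefixes per interface is known; it says nothing about a forged source that happens to fall inside the right prefix, which is exactly why the message calls the field a poor authorization identifier.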