ietf

Re: IPv6: Past mistakes repeated?

2000-04-24 18:50:02
On Mon, 24 Apr 2000 22:18:09 +0200, Anthony Atkielski 
<anthony(_at_)atkielski(_dot_)com>  said:
allocate a fixed space in advance.  In a variable-length address space, you
don't have to anticipate any kind of advance allocation--you can just add
digits to addresses where they are required, and routers only need to look
at enough of an address to figure out where it should go next.  In a

Actually, we argued a *lot* about fixed/variable.  The reason 128
bit fixed won out was to a large extent due to the people from
various large high-performance router companies wanting a way to 
switch packets *quickly*.  At the time, a DS3 was considered REALLY
fast, and only a few places had FDDI campus backbones.

The problem is that the router guys wanted to fast-path the case of
"no IP option field, routing entry in cache" so that after seeing
only the first few bytes, they could know what interface to enqueue
the outbound packet on *before the entire packet had even come in*.
So for them, the idea of being able to take a known fixed-length field
that happened to line up nicely on the hardware memory cache lines,
stuffing it through an associative-lookup cache or other hardware
assist, and knowing in one or three cycles how to route it, was
VERY enticing.

Of course, an OC48 instead of a DS3 only makes it more crucial -
do the math, and figure out how many nanoseconds you have to make
a routing decision when reading off an OC48...

Furthermore, if it's a variable-length address, the
router has to know where the end is, in order to look
at the next field.

Just put that up front.  For example, prefix the address with a length byte.
If the byte is zero, the address is four bytes long (compatible with IPv4).
 
It's not really hard.  You just have to write the code up front to handle
it.  And if you don't want to allow for infinite capacity (you have to stop

It's easy to do for an end-user workstation that's already bogged down
by the bloat inherent in <insert your least favorite OS vendor here>.

It's hard to do for something that's truly high-performance.



Hmm... I don't know.  If you restrict the address field to routing only, do
you still need anti-spoofing?  A given address can lead to only one
endpoint, unless I'm missing something here.

Well, at least around here, we also look at the *source* address on
all packets inbound to our routers to see if they make sense.  If it's
coming in from off-campus, it shouldn't have a prefix that belongs to
our AS.  If it's coming into our backbone from a building subnet, the
source better be in that subnet's range.  And so on.  RFC2267 talks
about it in more detail.

                                Valdis Kletnieks
                                Operating Systems Analyst
                                Virginia Tech
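
The source-address checks described in the message above (the ingress filtering RFC2267 covers), as an added example that is not part of the original post. The interface names and prefixes are constructed, using documentation address ranges.

```python
import ipaddress

# Constructed topology (documentation prefixes; assumptions, not from the message).
OUR_PREFIXES = [ipaddress.ip_network(p)
                for p in ("198.51.100.0/24", "2001:db8::/32")]

# Interface -> (role, attached network). "external" faces off-campus;
# "subnet" is a building subnet feeding the backbone.
INTERFACES = {
    "uplink0": ("external", None),
    "bldg-a": ("subnet", ipaddress.ip_network("198.51.100.0/26")),
    "bldg-b": ("subnet", ipaddress.ip_network("2001:db8:b::/64")),
}


def _contains(net, addr):
    # An IPv4 address is never inside an IPv6 network, and vice versa.
    return net.version == addr.version and addr in net


def check_source(interface, src):
    """Return (accept, reason) for a packet's source address on an interface."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False, "unparseable source address"
    role, net = INTERFACES.get(interface, (None, None))
    if role == "external":
        # Off-campus traffic must not claim a source inside our own prefixes.
        if any(_contains(p, addr) for p in OUR_PREFIXES):
            return False, "external packet claims internal source"
        return True, "ok"
    if role == "subnet":
        # Traffic from a building subnet must originate in that subnet's range.
        if _contains(net, addr):
            return True, "ok"
        return False, "source outside attached subnet"
    # Fail closed for interfaces with no filtering policy defined.
    return False, "unknown interface"


if __name__ == "__main__":
    for iface, src in [("uplink0", "198.51.100.7"), ("uplink0", "203.0.113.9"),
                       ("bldg-a", "198.51.100.200"), ("bldg-b", "2001:db8:b::1")]:
        print(iface, src, check_source(iface, src))
```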