On 11-aug-04, at 13:58, Pekka Savola wrote:
> The justification is simple: any "magic" packets which all routers on
> the path must somehow examine and process seems a very dubious concept
> when we want to avoid DoS attacks etc. on the core equipment which
> must run on hardware: effectively this means that either these are
> ignored in any case (nullifying the use of such options), or put on a
> "slow path" (causing a potential for DoS). IMHO, it seems just simply
> bad protocol design to require such behaviour.
Well, think of it this way: by having this option, at least you know
you DON'T have to look at all the packets that don't have this option
in them. So that's a big fat optimization right there. :-)
Obviously there can be DoS issues here, but these can be managed with
rate limiting. Just as long as failure by the router to look at the
option can be survived in some fashion by the protocol, there shouldn't
be any problems.
Anyway, this is an operational issue. People who don't want their
routers to potentially handle all packets in the slow path should have
the option of disabling this feature. Removing existing specifications
won't do much good here. (As it almost never does.)
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf
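Added example, not from the thread or from either poster: a toy forwarding engine that makes the two points above concrete. Packets without the option never leave the fast path; packets carrying it are punted to a rate-limited slow path, and when the budget is exhausted they are forwarded unexamined, which is the "failure the protocol must survive". Assumptions for illustration only: the "magic" option is the IPv4 Router Alert option (type 0x94, length 4, RFC 2113), the slow-path budget is a simple token bucket, and the packets are constructed inline.

```python
"""Fast path / rate-limited slow path for option-bearing packets (illustration)."""
import struct
import time

ROUTER_ALERT = 0x94  # assumed "magic" option: IPv4 Router Alert (copied=1, class=0, number=20)
RA_OPTION = bytes([ROUTER_ALERT, 4, 0, 0])  # type, length, 2-byte value (0 = examine packet)


def build_ipv4(src, dst, payload=b"", options=b""):
    """Build a minimal IPv4 header (checksum left zero) with an optional options field."""
    options += b"\x00" * (-len(options) % 4)  # pad options to a 32-bit boundary
    ihl = 5 + len(options) // 4
    total = ihl * 4 + len(payload)
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, total, 0, 0, 64, 17, 0, src, dst)
    return hdr + options + payload


def has_router_alert(pkt):
    """Walk the IPv4 options field; True if Router Alert is present. Malformed -> False."""
    ihl = (pkt[0] & 0x0F) * 4
    opts = pkt[20:ihl]
    i = 0
    while i < len(opts):
        t = opts[i]
        if t == 0:            # End of Option List
            break
        if t == 1:            # No Operation (single byte)
            i += 1
            continue
        if i + 1 >= len(opts):
            break             # malformed: type byte without a length byte
        length = opts[i + 1]
        if length < 2:
            break             # malformed: would loop forever or run off the end
        if t == ROUTER_ALERT:
            return True
        i += length
    return False


class TokenBucket:
    """Slow-path budget: `rate` punts per second, at most `burst` stored."""

    def __init__(self, rate, burst, clock=time.monotonic):
        self.rate, self.burst, self.clock = rate, burst, clock
        self.tokens = float(burst)
        self.last = clock()

    def take(self):
        now = self.clock()
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


class Router:
    """Classify each packet: fast path, slow path, or forward-unexamined fallback."""

    def __init__(self, slow_path_pps, burst, clock=time.monotonic):
        self.bucket = TokenBucket(slow_path_pps, burst, clock)
        self.stats = {"fast": 0, "slow": 0, "fallback": 0}

    def forward(self, pkt):
        if not has_router_alert(pkt):
            self.stats["fast"] += 1     # no option: never looked at by the control plane
            return "fast"
        if self.bucket.take():
            self.stats["slow"] += 1     # punted: control plane examines, then forwards
            return "slow"
        self.stats["fallback"] += 1     # budget exhausted: forwarded without examination
        return "fallback"


def demo():
    """Drive the router with a fake clock; returns the resulting path counters."""
    t = [0.0]                            # constructed, deterministic clock
    r = Router(slow_path_pps=10, burst=3, clock=lambda: t[0])
    src, dst = b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02"
    ra = build_ipv4(src, dst, b"x", RA_OPTION)
    plain = build_ipv4(src, dst, b"x")
    for _ in range(5):                   # burst of 5 option packets at t=0: 3 punted, 2 fall back
        r.forward(ra)
    for _ in range(4):                   # plain traffic is unaffected by the limiter
        r.forward(plain)
    t[0] = 0.2                           # 0.2 s later the bucket has refilled 2 tokens
    for _ in range(3):                   # 2 punted, 1 falls back
        r.forward(ra)
    return r.stats


if __name__ == "__main__":
    print(demo())
```

The limiter protects the control plane; whether the fallback is acceptable is up to the protocol that uses the option, which is exactly the condition the poster attaches to it.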