Re: Response to the Appeal by JFC Morfin dated 2006-02-17 - 2006-05-17.

2006-07-11 02:33:19

BTW, the IESG response implied that the allegations of scientific fraud
were (somehow) not substantiated. Following is a summary of the
allegations, and after that is the DNSMON source code for sending
packets. The source code plainly constructs a UDP (and only UDP) packet.

-------

What the full community may not know, [but ISC, RIPE, Joe Abley, David
Kessens, Brian Carpenter, and the IESG do know], is that the report
claiming that stateful anycast was stable was fabricated, and that no
stateful testing was performed by the DNSMON program.  Contrary to
assurances given by Karrenberg, there is no data which supports the
notion that stateful DNS Anycast is safe, nor any data that disputes
data and assertions that show DNS Anycast is unsafe.

The notion of a safe stateful anycast operation as asserted by Daniel
Karrenberg (http://www.nanog.org/mtg-0505/pdf/karrenberg.pdf) has now
been discredited. Karrenberg's document misled people to believe that
stateful anycast was safe, when in fact Karrenberg didn't perform any
stateful testing whatsoever.

The controversy began in 2002 with announcements by RIPE NCC and ISC 
(operators of K-root and F-root, respectively) to sell Anycast instances 
of K and F servers.  

In October, 2004, Mark Kosters reports on data gathered at J root:

http://www.nanog.org/mtg-0410/pdf/kosters.pdf

    + Expected to see a saw tooth distribution .
      instead have a noisy distribution in many cases
    + Does not affect UDP
    + DO NOT RUN Anycast with Stateful Transport

http://www.rssac.org/meetings/04-08/2004WashDC.html
At the November 7th, 2004 RSSAC meeting, Kosters repeats warning on
stateful DNS Anycast, but is disputed by Karrenberg. In May 2005, one
day after suppressing discussion on Nanog by Anderson, Karrenberg gives
unqualified assurance that Anycast is safe, and please "do not to spread
this false rumor" http://www.nanog.org/mtg-0505/pdf/karrenberg.pdf

It is later found (January, 2006)  [reported to IESG March, 2006] that
Karrenberg has done no stateful testing whatsoever, and that Karrenberg
did not reveal that his testing was only for stateless DNS, and
therefore had no relevance to the safety of stateful DNS Anycast.  [To
put this in context of current news, this is the difference between
creating a stem cell line, and creating a new stem cell line.  It was a
scientific fraud to describe the former as the latter. A one-word
difference]

This discovery was only made when Anderson examined the source code to
the DNSMON program written by Karrenberg to conduct this testing.

Now put this in context along with repeated assertions from Joe Abley
and others associated with ISC and RIPE that stateful anycast is safe
and even non-controversial.  More history is found at 
http://www.av8.net/IETF-watch/DNSRootAnycast/History.html


----------  

copyright from main.c:

/* 
 * Copyright (c) 2003, 2004        RIPE Network Coordination Center
 *                                 Mark Santcroos <marks(_at_)ripe(_dot_)net>
 *
 * All Rights Reserved
 *
 * Permission to use, copy, modify, and distribute this software and its
 * documentation for any purpose and without fee is hereby granted,
 * provided that the above copyright notice appear in all copies and that
 * both that copyright notice and this permission notice appear in
 * supporting documentation, and that the name of the author not be
 * used in advertising or publicity pertaining to distribution of the
 * software without specific, written prior permission.
 *
 * THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
 * ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS; IN NO EVENT SHALL
 * AUTHOR BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY
 * DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
 * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 *
 * $Id: main.c,v 1.12 2005/05/23 12:35:43 kevin Exp $
 *
 */


sendpacket function from sending_process.c:

/*
 *  Sendpacket
 *  takes a buffer and send it out to socket
 */
struct timeval
sendpacket(char *packet, struct server list[], int entry)
{
    int ret;
    int size;
    struct ip *iphdr;
    struct udphdr *udphdr;
    char *sndbuf = (char *)malloc(512);
    int udplen;
    int iplen;
    int datalen;
    struct sockaddr_in saddr;
    struct timeval send_time;

    datalen = list[entry].size;

    iplen = sizeof(struct ip);
    udplen = sizeof(struct udphdr);

    iphdr = (struct ip *) sndbuf;
    udphdr = (struct udphdr *) (sndbuf + sizeof(struct ip));

    /* copy to the actual send buffer */
    memcpy(sndbuf+iplen+udplen, packet, datalen);

    iphdr->ip_v = IPVERSION;
    iphdr->ip_hl = sizeof(struct ip) >> 2;
    iphdr->ip_id = 0;  /* 0 means kernel set appropriate value */
    iphdr->ip_len = sizeof(struct ip) + sizeof(struct udphdr) + datalen;
    iphdr->ip_tos = 0;
    iphdr->ip_off = 0;
    iphdr->ip_p = IPPROTO_UDP;
    iphdr->ip_ttl = 0x40;

    /* set acquired first ip address */
    iphdr->ip_src.s_addr = htonl(src_ip);
    iphdr->ip_dst.s_addr = inet_addr(list[entry].address);

    size = iplen + udplen + datalen;

    udphdr = (struct udphdr *) (sndbuf + sizeof(struct ip));

    udphdr->uh_sport = htons(UDP_SRC_PORT);
    udphdr->uh_dport = htons(53);
    udphdr->uh_ulen = htons(sizeof(struct udphdr) + datalen);
    udphdr->uh_sum = do_checksum(sndbuf, IPPROTO_UDP, 
        sizeof(struct udphdr) + datalen);


    /* this will be the time the measurements get logged */
    gettimeofday(&send_time, NULL);

    ret = sendto(raw_fd, sndbuf, size, 0, 
        (struct sockaddr *)&saddr, sizeof(saddr));
    if (ret < 0) {
        perror("sendto");
        exit(1);
    }
#ifdef SENDING_DEBUG
    printf("%d bytes send.\n", ret);
#endif /* SENDING_DEBUG */

    free(sndbuf);

    return (send_time);
}



-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 344 9000   




_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf