[100932] in North American Network Operators' Group

Re: Another question on rfc1918

daemon@ATHENA.MIT.EDU (Bruce M Simpson)
Sat Nov 24 15:59:04 2007

Date: Sat, 24 Nov 2007 20:58:05 +0000
From: Bruce M Simpson <bms@incunabulum.net>
To: Michael Painter <tvhawaii@shaka.com>
CC: nanog@merit.edu
In-Reply-To: <002401c82e1b$1aac6700$82067ece@DELL16>
Errors-To: owner-nanog@merit.edu


Michael Painter wrote:
>
> Source route allows the packets to follow a set path. It does not
> require the standard routing protocols and is thus dangerous. Source
> routing is used in a number of multicast protocols (still) and many are
> loath to disable it.

Not true. DVMRP with tunnels hasn't been used for inter-domain multicast 
for a long time.
Many implementations, including FreeBSD, have deprecated the use of IPIP 
and LSRR.

I believe most folk who are serious about inter-domain multicast are 
running BGP with PIM-SM and MSDP. However, this hasn't really been 
accessible to the individual hobbyist until now, and there are no free 
MSDP implementations out there that I know of.

If security is a concern, turn LSRR off on packet filtering NAT 
gateways, if you don't know *for sure* that the forwarding plane is 
smart enough to block LSRR according to a well-defined site security policy.

There are however cogent arguments for turning LSRR on in an AS's 
transit routers here:
    http://www.gweep.net/~crimson/network/lsrr.html

regards,
BMS
