[35306] in North American Network Operators' Group


Re: Loose Source Routing

daemon@ATHENA.MIT.EDU (Jared Mauch)
Tue Mar 6 17:43:13 2001

Date: Tue, 6 Mar 2001 14:40:13 -0500
From: Jared Mauch <jared@puck.Nether.net>
To: David McGaugh <david_mcgaugh@eli.net>
Cc: nanog@merit.edu
Message-ID: <20010306144013.A12082@puck.nether.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3AA5233B.E128EF5A@eli.net>; from david_mcgaugh@eli.net on Tue, Mar 06, 2001 at 09:49:47AM -0800
Errors-To: owner-nanog-outgoing@merit.edu


On Tue, Mar 06, 2001 at 09:49:47AM -0800, David McGaugh wrote:
> What are people's feelings on loose source routing? The general
> sentiment around here is that it is a very evil thing. The reason I ask
> is that there is a certain network out there (who will remain nameless)
> who refuses to peer unless loose source routing is enabled. I can
> somewhat understand their reasoning (they can reroute traffic on OUR
> network as necessary) but the security implications far outweigh the
> benefits. Not only this, I'm not comfortable with an outside source
> having control over routing on our network anyway.

	Huh?

	The reason to permit this is to verify peering policy.  This
allows people to traceroute to verify packet path.  Example:
I announce 172.16.0.0/16 only.  I want to verify that you are not
pointing default at me, so I can do a loose source
traceroute to 10.0.0.0 via the peering point.

	Most people's peering policies that I'm aware of only required that
it be enabled at the edge (peering/nap router).

	- Jared

--
Jared Mauch  | pgp key available via finger from jared@puck.nether.net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.
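
Added example, not part of the original message: the loose source traceroute described above relies on the IPv4 LSRR option (RFC 791, type 131), and this sketch parses a header's options the way an edge filter or capture tool would to see whether a packet carries a source route. The addresses 198.51.100.7 and 192.0.2.1 (standing in for the peering router) and both function names are constructed for illustration; 10.0.0.0 is the destination from the message.

```python
import socket
import struct

LSRR, SSRR = 131, 137          # RFC 791 source-route option types
EOL, NOP = 0, 1                # single-byte options

def build_header(src, dst, route):
    """Constructed sample: 20-byte IPv4 header plus an LSRR option."""
    opt = bytes([LSRR, 3 + 4 * len(route), 4])       # type, length, pointer
    opt += b"".join(socket.inet_aton(a) for a in route)
    opt += bytes(-len(opt) % 4)                      # EOL-pad to 32 bits
    total = 20 + len(opt)
    fixed = struct.pack("!BBHHHBBH4s4s", 0x40 | total // 4, 0, total, 0, 0,
                        64, 17, 0,                   # checksum left at 0
                        socket.inet_aton(src), socket.inet_aton(dst))
    return fixed + opt

def source_route(header):
    """Return (kind, pointer, route) for an LSRR/SSRR option, else None."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (header[0] & 0x0F) * 4
    if not 20 <= ihl <= len(header):
        raise ValueError("bad header length")
    opts, i = header[20:ihl], 0
    while i < len(opts) and opts[i] != EOL:
        if opts[i] == NOP:
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("truncated option")
        kind, length = opts[i], opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("bad option length")
        if kind in (LSRR, SSRR):
            if length < 3 or (length - 3) % 4:
                raise ValueError("malformed source-route option")
            data = opts[i + 3:i + length]
            route = [socket.inet_ntoa(data[j:j + 4]) for j in range(0, len(data), 4)]
            return ("LSRR" if kind == LSRR else "SSRR", opts[i + 2], route)
        i += length
    return None

# Probe addressed to the peering router, with 10.0.0.0 as the routed-to target.
probe = build_header("198.51.100.7", "192.0.2.1", ["10.0.0.0"])
print(source_route(probe))
```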

