[42889] in North American Network Operators' Group
Re: Question on Source Routing Option
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Tue Sep 25 12:13:18 2001
Message-Id: <200109251612.f8PGCdr08434@foo-bar-baz.cc.vt.edu>
To: tarun banka <t_banka@hotmail.com>
Cc: nanog@merit.edu
In-Reply-To: Your message of "Tue, 25 Sep 2001 15:56:56 -0000."
<F96uZDNHG8nwlTfkp4q00005c44@hotmail.com>
From: Valdis.Kletnieks@vt.edu
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="==_Exmh_1503868382P";
micalg=pgp-sha1; protocol="application/pgp-signature"
Content-Transfer-Encoding: 7bit
Date: Tue, 25 Sep 2001 12:12:39 -0400
Errors-To: owner-nanog-outgoing@merit.edu
--==_Exmh_1503868382P
Content-Type: text/plain; charset=us-ascii
On Tue, 25 Sep 2001 15:56:56 -0000, tarun banka <t_banka@hotmail.com> said:
> server to client and vice versa. I am aware that source routing option is
> disabled because of security risks. I want to know is there any tool which
> can help me in finding what routers that can support source routing. It
The problem you will find is that even if you can locate a router that
supports source routing, the chances are high that there will be one or more
routers that actively block source-routed packets.
Depending on what you're trying to research, you *may* be able to get by
with a setup as follows:
B
/ \
A D
\ /
C
and using pairs of VPN tunnels (A-B B-D) and (A-C C-D) to simulate source
routing.
Not only is source routing often a security issue, it also suffers from
major workability problems: a) it doesn't scale well (tragedy of the commons)
even if you find a better path, if everybody does it, the better path isnt
better anymore. b) If you're source routing through someplace that becomes
unreachable, the routing protocols know, but you dont.
Much historical info on why source routing doesn't work can be found in
old UUCP bang-paths - seismo!<something>!sandbox!clutx! was mine for a while,
and of course mail didnt move if something-sandbox wasnt working....
--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
--==_Exmh_1503868382P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8
Comment: Exmh version 2.5 07/09/2001
iQA/AwUBO7Cs9nAt5Vm009ewEQK7QQCgid/8C7s4TBKkSYzkN/6wdpuZy3QAoL3U
LCEbarryFrfuISeHhxpJXxU7
=pAP2
-----END PGP SIGNATURE-----
--==_Exmh_1503868382P--
