[50604] in North American Network Operators' Group


Re: If you have nothing to hide

daemon@ATHENA.MIT.EDU (bdragon@gweep.net)
Mon Aug 5 18:49:38 2002

To: eosborne@cisco.com (Eric Osborne)
Date: Mon, 5 Aug 2002 18:46:59 -0400 (EDT)
Cc: nanog@merit.edu
In-Reply-To: <20020805202639.GV8579@eosborne-u10.cisco.com> from "Eric Osborne" at Aug 05, 2002 04:26:39 PM
From: <bdragon@gweep.net>
Errors-To: owner-nanog-outgoing@merit.edu


> 
> 
> 
> > Validation of routing policy to ensure others aren't abusing you (pointing
> > default, for example). As for orders of magnitude, once an IP option is
> > in a packet, the damage is essentially done, otherwise looking up the
> > path to an address in the options is no more impactive than looking up the
> > address in the original destination field. 
> 
> Well, no.  Not really.
> First off, following the 80/20 rule (or in this case 99.x/(100-99.x)
> rule) says that hardware implementations which get optioned packets
> punt them to software.  This is at every hop.
> 
> Second, the IP source route is a stack of IP addresses, which must be
> modified at every hop.  This implies not just software forwarding, but
> also significantly more work than an IP lookup.

As I said, once the option is in the packet, the damage is done.
If the performance sucks for the person using the source-routing, who
cares, assuming packets without IP options are forwarded without
delay.

If I'm not mistaken, most (if not all) vendors still punt the
packets with source-routing options to software, even if they end
up dropping the packet due to administrative decision.

> eric
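
Added example, not part of the original message: a Python sketch of the per-hop source-route handling discussed in this thread, following RFC 791 option semantics, to show the rewrite and checksum work that a plain destination lookup never does. The function names, the `egress_addr` parameter and the sample addresses are constructed for illustration, and the input is assumed to be a complete IPv4 header.

```python
import socket, struct

LSRR, SSRR = 131, 137  # source-route option types (RFC 791)

def checksum(hdr: bytes) -> int:
    """One's-complement sum of 16-bit words; 0 when hdr carries a valid checksum."""
    total = sum(struct.unpack(f"!{len(hdr) // 2}H", hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def find_source_route(hdr: bytes, ihl: int):
    """Walk the option list; return the offset of an LSRR/SSRR option or None."""
    i = 20
    while i < ihl and hdr[i] != 0:            # 0 = End of Option List
        if hdr[i] == 1:                       # No-Operation is a single byte
            i += 1
            continue
        if i + 1 >= ihl or hdr[i + 1] < 2 or i + hdr[i + 1] > ihl:
            raise ValueError("malformed option")
        if hdr[i] in (LSRR, SSRR):
            return i
        i += hdr[i + 1]
    return None

def forward_hop(hdr: bytes, egress_addr: bytes):
    """Per-hop work at the router named in the destination; returns (header, punted)."""
    ihl = (hdr[0] & 0x0F) * 4
    if ihl == 20:
        return hdr, False                     # no options: destination lookup only
    out = bytearray(hdr[:ihl])
    off = find_source_route(hdr, ihl)
    if off is not None:
        length, ptr = out[off + 1], out[off + 2]
        if ptr >= 4 and ptr + 3 <= length:    # an unused address remains
            slot = off + ptr - 1              # pointer counts from 1 at option start
            out[16:20], out[slot:slot + 4] = out[slot:slot + 4], egress_addr
            out[off + 2] = ptr + 4            # advance to the next address
            out[10:12] = b"\x00\x00"          # header changed: redo the checksum
            out[10:12] = struct.pack("!H", checksum(bytes(out)))
    return bytes(out), True

def sample_header() -> bytes:
    """Constructed 28-byte header: LSRR with one remaining address (documentation ranges)."""
    a = socket.inet_aton
    h = bytearray(struct.pack("!BBHHHBBH4s4s", 0x47, 0, 28, 0, 0, 64, 17, 0,
                              a("192.0.2.1"), a("198.51.100.1")))
    h += bytes([LSRR, 7, 4]) + a("203.0.113.9") + b"\x00"   # option + EOL padding
    h[10:12] = struct.pack("!H", checksum(bytes(h)))
    return bytes(h)
```

`forward_hop` reports `punted` as True for every header longer than 20 bytes, including one whose route is already exhausted, which mirrors the point that the slow-path cost is paid as soon as the option is present.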

