Things to do to make the network better

Havard.Eidnes at runit.sintef.no Havard.Eidnes at runit.sintef.no
Thu Jan 8 14:07:12 UTC 1998


> We have routers with ISDP PRI links, where the routing
> information arrives from RADIUS via a CHAP login. There are 600
> routed objects in the RADIUS database, as well as 10k+
> non-routed (dynamic IP) objects. Every ISDN router therefore
> has a potential 600 directly attached neighbors; although no
> router has more than 60 links at any one time. Some common
> equipment may handle this just barely; other is wholly
> inadequate.

It sounds to me like what you would really like was something
akin to the "RPF check" as done on multicast traffic for unicast
traffic on your customer routers, perhaps as a per-interface
option.  If this feature existed you would not accept a packet
from a given source and incoming interface unless the box in
question has a route for the source pointing back out the same
interface.  That way you would not get the administrative burden
of maintaining access lists and ensuring they're always in synch
with the local view of the routing system.

Doing this on the customer border routers appears to me to be the
obviously right place.  Doing this in a place where asymmetrical
routing is the norm (as appears to be the case in the current
backbones) is obviously a non-starter.

I think this has been mentioned several times to various providers
in the past without this feature materializing, but one can still
hope.  (It's not unconceivable that the current access products have
not been engineered with sufficient CPU resources to be able to even
perform this task...)

- Håvard



More information about the NANOG mailing list