amb at gxn.net
Mon Sep 13 21:02:59 UTC 1999
> Additionally _no_ exising IGP has anything resembling protection
> from malfunctioning routing software _or_ malicious or negligient
> operators of host-based rotuing software. I had to track down people
Not entirely true - host based routing software run by users
who aren't meant to be running it can be superficially guarded
against by using authentication keys, or by sensible design
(i.e. don't run IGPs on links with hosts on, or filter them out,
possibly at L2). In any case, if your users want to be malicious
with "routing" (in the broadest sense), ARP is a fabulous
user-available protocol that is easier to break a LAN with
than an IGP, and such evilnesses as proxy-ARP making this
doubly easy for the clue-free. Indeed CDMA media are notoriously
easilly breakable as you note...
> to go up and down. A typical scenario can be like: connecting a PC
> with a broken NIC card to an Ethernet segment can easily cause massive
...entirely without the aid of IGPs. Your point is (I take it) that
IGPs react to magnify the damage. Your next point is:
> In other words, dynamic routing is very brittle, and requires quite
> a lot of care to make sure it works right, and that a single-point
> Did you notice that it takes a highly trained specialist with appropriate
> (and rather expensive) equipment to diagnose and fix a problem in a Mercedes?
> A hammer and few expletitives usually suffice for a Packard.
Yes, but this is because IGPs react in a predictably clueless manner.
Static routing requires network operators to work round connectivity
failures, to load balance, and to distribute configurational reachability
information. Unfortunately, as you note later in your email, there
is a tendancy for network operators to operate in an *un*predictably
clueless manner. This is even worse than an IGP. I've seen networks
configured completely with static routes that only worked because
of proxy ARP (every defused a live bomb?).
> problems. An average corporate MIS department is best characterized as
> In other words, you're advising kids who don't yet know how to hold a
> hammer to start using chain saw. In a situation like that i would
> expect a lot of cut-off bodily parts.
That depends on how easy the IGP is to misconfigure compared to
the static routing, and probably depends on the size of the network,
the number of possible valid paths, and the rate of (configurational)
change. For a small network you are correct (think UIs where
all IGPs required typing the magic incantation "ip classless" and
"ip subnet-zero" and how many support desk calls *that* incorrect
default caused). For large networks, even if the IGP falls apart
totally when one link flaps, its disfunctionality may be less than
the clueless operators ability to break static routing. IMHO OSPF
isn't too bad here, as (a) hosts in general don't try and speak
it by default (b) the configuration (even if you put it all in
area 0) is difficult for the clueless to substantially break, and
(c) provided you've protected your host LANs from things which
would break them anyway, it adds minimal collateral damage and
gives reasonably easy reconfiguration.
Clueful use of IGPs, or statics, hammers, chain-saws etc. is,
however, always preferably to their use without clue. And people
only get real clue with IGPs by seeing them melt, which normally
means (mis)using them.
GX Networks (formerly Xara Networks)
More information about the NANOG