Loose Source Routing

• Previous message (by thread): Loose Source Routing
• Next message (by thread): Loose Source Routing
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Mar 06, 2001 at 09:49:47AM -0800, David McGaugh wrote:
> What are people's feelings on loose source routing? The general
> sentiment around here is that it is a very evil thing. The reason I ask
> is that there is a certain network out there (who will remain nameless)
> who refuses to peer unless loose source routing is enabled. I can
> somewhat understand their reasoning (they can reroute traffic on OUR
> network as necessary) but the security implications far out way the
> benefits. Not only this I'm not comfortable with an outside source
> having control over routing on our network anyway.

	Huh?

	The reason to permit this is to verify peering policy.  This
allows people to traceroute to verify packet path.  Example:
I announce 172.16.0.0/16 only.  I want to verify that you are not
pointing default at me, so I can do a loose source 
traceroute to 10.0.0.0 via the peering point.

	Most peoples peering policies that I'm aware of only required that
it be enabled at the edge (peering/nap router).

	- Jared

--
Jared Mauch  | pgp key available via finger from jared at puck.nether.net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.

• Previous message (by thread): Loose Source Routing
• Next message (by thread): Loose Source Routing
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]