Loose Source Routing
Jared Mauch
jared at puck.Nether.net
Tue Mar 6 19:40:13 UTC 2001
On Tue, Mar 06, 2001 at 09:49:47AM -0800, David McGaugh wrote:
> What are people's feelings on loose source routing? The general
> sentiment around here is that it is a very evil thing. The reason I ask
> is that there is a certain network out there (who will remain nameless)
> who refuses to peer unless loose source routing is enabled. I can
> somewhat understand their reasoning (they can reroute traffic on OUR
> network as necessary) but the security implications far out way the
> benefits. Not only this I'm not comfortable with an outside source
> having control over routing on our network anyway.
Huh?
The reason to permit this is to verify peering policy. This
allows people to traceroute to verify packet path. Example:
I announce 172.16.0.0/16 only. I want to verify that you are not
pointing default at me, so I can do a loose source
traceroute to 10.0.0.0 via the peering point.
Most peoples peering policies that I'm aware of only required that
it be enabled at the edge (peering/nap router).
- Jared
--
Jared Mauch | pgp key available via finger from jared at puck.nether.net
clue++; | http://puck.nether.net/~jared/ My statements are only mine.
More information about the NANOG
mailing list