On 11-aug-04, at 13:58, Pekka Savola wrote:
The justification is simple: any "magic" packets which all routers on the path must somehow examine and process seems a very dubious concept when we want to avoid DoS attacks etc. on the core equipment which must run on hardware: effectively this means that either these are ignored in any case (nullifying the use of such options), or put on a "slow path" (causing a potential for DoS). IMHO, it seems just simply bad protocol design to require such behaviour.
Well, think of it this way: by having this option, at least you know you DON'T have to look at all the packets that don't have this option in them. So that's a big fat optimization right there. :-)
Obviously there can be DoS issues here, but these can be managed with rate limiting. Just as long as failure by the router to look at the option can be survived in some fashion by the protocol, there shouldn't be any problems.
Anyway, this is an operational issue. People who don't want their routers to potentially handle all packets in the slow path should have the option of disabling this feature. Removing existing specifications won't do much good here. (As it almost never does.)
_______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf
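As an added illustration of the fast-path/slow-path split and the rate limiting the reply describes (example code written for this page, not from either poster): a router only punts packets that carry the Hop-by-Hop Options header, and the punts are throttled by a token bucket so a flood of such packets cannot monopolise the slow path. The packet layout is a constructed sample and the bucket parameters are assumptions.

```python
import struct

HOP_BY_HOP = 0  # IPv6 Next Header value for the Hop-by-Hop Options header (RFC 2460)

def has_hop_by_hop(pkt: bytes) -> bool:
    """Fast-path test: look only at the fixed 40-byte IPv6 header.
    Packets without the option never need the slow path."""
    if len(pkt) < 40 or (pkt[0] >> 4) != 6:
        return False
    return pkt[6] == HOP_BY_HOP  # byte 6 is the Next Header field

class TokenBucket:
    """Rate limit for punts to the slow path. Time is passed in explicitly
    so the behaviour is deterministic (assumed parameters, for illustration)."""
    def __init__(self, rate_per_sec: float, burst: int):
        self.rate, self.burst = rate_per_sec, burst
        self.tokens, self.last = float(burst), 0.0

    def allow(self, now: float) -> bool:
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False

def classify(pkt: bytes, bucket: TokenBucket, now: float) -> str:
    """'fast': no option, forwarded in hardware; 'slow': option present and
    punt budget available; 'drop': option present but punt budget exhausted."""
    if not has_hop_by_hop(pkt):
        return "fast"
    return "slow" if bucket.allow(now) else "drop"

def ipv6_packet(next_header: int, payload: bytes = b"") -> bytes:
    """Constructed sample packet: version 6, hop limit 64, placeholder 2001::1 -> 2001::2."""
    src = bytes.fromhex("20010000000000000000000000000001")
    dst = bytes.fromhex("20010000000000000000000000000002")
    return struct.pack("!IHBB16s16s", 0x60000000, len(payload), next_header, 64, src, dst) + payload

# Hop-by-Hop header: next header 59 (no next header), ext length 0 (8 bytes), one PadN option
HBH_PAYLOAD = bytes([59, 0, 1, 4, 0, 0, 0, 0])
PLAIN = ipv6_packet(59)                          # no option: stays on the fast path
WITH_OPTION = ipv6_packet(HOP_BY_HOP, HBH_PAYLOAD)

def run(packets, times, rate_per_sec=10.0, burst=3):
    """Feed (packet, timestamp) pairs through one bucket and return the decisions."""
    bucket = TokenBucket(rate_per_sec, burst)
    return [classify(p, bucket, t) for p, t in zip(packets, times)]
```

With the defaults, `run([WITH_OPTION] * 4 + [PLAIN, WITH_OPTION], [0.0] * 5 + [0.1])` admits three punts, drops the fourth, forwards the plain packet in the fast path, and admits one more once a token has refilled.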