Re: [Tsv-art] [OPSEC] Tsvart last call review of draft-ietf-opsec-ipv6-eh-filtering-06

On Wed, Dec 5, 2018 at 12:15 AM Mark Andrews <marka@xxxxxxx> wrote:

> And the correct thing to do is to FIX THE BROKEN PRODUCT.
>
> If an ssh implementation is broken we don’t drop SSH packets.  We fix the broken implementation of ssh.
>
> If there is a SQL injection problem we fix that problem rather than dropping HTTP
> and HTTPS packets.
>
> If a router can’t handle all legal packets at line rate the router needs to be fixed.
>
> Punting stuff to be processed by the same CPU that processes the routing table worked
> for a while.  There is no rule that says routers can’t have multiple CPUs, some of
> which are dedicated to handling the control plane and others that deal with everything
> else that has been punted.  Design the router so that the control plane doesn’t get
> overloaded and the exceptional packets get handled.
>
> Generating PTB’s shouldn’t be seen as exceptional.  Fragmented packets shouldn’t be
> seen as exceptional.

Even if I agree that is the way routers SHOULD be designed today, I'm not aware of any that are designed that way.

Further, even if all new routers shipped from today on were designed that way, which they are not, it would easily take a decade or more for all the old legacy routers to fade away on the Internet. Those are facts we have to work with.

--
===============================================
David Farmer               Email:farmer@xxxxxxx
Networking & Telecommunication Services
Office of Information Technology
University of Minnesota  
2218 University Ave SE        Phone: 612-626-0815
Minneapolis, MN 55414-3029   Cell: 612-812-9952
===============================================
