On Dec 4, 2018, at 11:00 PM, David Farmer <farmer@xxxxxxx> wrote:
Punting stuff to be processed by the same CPU that process the routing table worked
for a while. There is no rule that says routers can’t have multiple CPUs some of
which are dedicated to handling the control plane and other that deal with everything
else that has been punted. Design the router so that the control plane doesn’t get
overloaded and the exceptional packet get handled.
Generating PTB’s shouldn’t be seen as exceptional. Fragmented packets shouldn’t be
seen as exceptional.
Even if agree that is the way routers SHOULD be designed today. I'm not aware of any that are designed that way.
Further, even if all new router shipped from today on were designed that way, which they are not. It would easily take a decade or more for all the old legacy routers to fade away on the Internet. Those are facts we have to work with.
Then THAT is the security issue.. Not the packets that cause a broken implementation to have problems.
