[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: network controls are necessary

To: Tony Li <Tony.Li@procket.com>
Subject: RE: network controls are necessary
From: "Craig A. Huegen" <chuegen@cisco.com>
Date: Mon, 9 Dec 2002 16:12:17 -0600 (Central Standard Time)
Cc: sommerfeld@orchard.arlington.ma.us, "Joel M. Halpern" <joel@stevecrocker.com>, <multi6@ops.ietf.org>
In-reply-to: <D2EC481073504E498A8DB9C0687E8CAF04D22A08@EXCHANGE0-0.na.procket.com>

On Mon, 9 Dec 2002, Tony Li wrote:

> Oy.  I think the thought was that the routing system would detect the
> loss of connectivity via the locator and would send an ICMP unreachable,
> which would then trigger a switch to an alternate locator.

I'm slightly concerned about the security/DoS implications of allowing
unsolicited messages to vastly affect connectivity, even though some
topologies support the use of ingress filtering and unicast-RPF to
mitigate.

I'm also concerned with the network device having to send back all those
ICMP messages in response to active traffic in case of a major link
failing.

/cah

---
Craig A. Huegen, Chief Network Architect      C i s c o  S y s t e m s
IT Transport, Network Technology & Design           ||        ||
Cisco Systems, Inc., 400 East Tasman Drive          ||        ||
San Jose, CA  95134, (408) 526-8104                ||||      ||||
email: chuegen@cisco.com       CCIE #2100      ..:||||||:..:||||||:..

References:
- RE: network controls are necessary
  - From: "Tony Li" <Tony.Li@procket.com>

Prev by Date: RE: network controls are necessary
Next by Date: RE: Next question...
Previous by thread: Re: network controls are necessary
Next by thread: RE: network controls are necessary
Index(es):
- Date
- Thread