Re: Dumb vs. smart host routing


Steven Bellovin (ulysses!smb@ucbvax.Berkeley.EDU)
12 May 88 15:36:52 GMT


One problem I see is that ICMP Redirect is largely useless. It's only
useful for the first gateway along the way to tell the originating host
to use a different gateway; it can't be used to tell an intermediate
gateway what the proper next hop is. That is, assume we have a large
LAN behind a single gateway G to the Internet. If a host H on that LAN wants
to talk to host H' on another LAN behind another gateway G', all
H can do is send the packets to G. G must know that G' is the proper
next hop; if it chooses to use G'' instead, G'' cannot send an ICMP
Redirect. Or rather, it can, but the Redirect will go to H, which can't
do anything but send to G no matter what it receives. G'' doesn't know
that the packet came from G, and hence can't advise G of the proper route.
(To be sure, RFC1009 says that gateways within an autonomous system
can use Redirects among themselves, but that's not a standardized
use for the Internet.)

The conclusion of all this is that local gateways must be extremely
smart. The current scheme, with EGP, works well enough in the current
environment, where there's one central net (ARPANET+MILNET); it would
fail miserably if there were a large number of interconnected backbone
nets.

I'm not certain what to do about the problem. If Record Route were used
more, or Loose Source route, a host could handle such a redirect more
intelligently. (Of course, under the current spec it wouldn't be sent.)
Perhaps we need a new option, ``Last Hop''; it would tell each gateway
the immediate predecessor gateway to be advised of a routing correction.
Then we'd need some new sort of Redirect message, possibly one that includes
a loose source route, rather than just a simple gateway address. The
combination of these might even allow a very smart gateway to straighten
out twisty paths, though I'm not sure that that's feasible. And the
security implications of enhanced Redirects need to be considered very
carefully.

                        --Steve Bellovin
                        ulysses!smb
                        smb@ulysses.att.com
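
The two situations described in the message above, as an added example that is not part of the original post: a small model of the RFC 792 redirect rule showing why a Redirect works at the first-hop gateway and fails at an intermediate gateway such as G''. The addresses, the second LAN gateway and all function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addresses (documentation ranges); none come from the post.
LAN = ipaddress.ip_network("192.0.2.0/24")         # H and G live here
TRANSIT = ipaddress.ip_network("198.51.100.0/24")  # G, G' and G'' live here
H = ipaddress.ip_address("192.0.2.10")
H_PRIME = ipaddress.ip_address("203.0.113.10")
G2_LAN = ipaddress.ip_address("192.0.2.2")         # hypothetical second LAN gateway
G_PRIME = ipaddress.ip_address("198.51.100.2")     # G'

@dataclass(frozen=True)
class Datagram:
    src: ipaddress.IPv4Address   # the only origin information in the IP header
    dst: ipaddress.IPv4Address

def spec_allows_redirect(arrival_net, dgram, next_hop):
    """RFC 792 rule: redirect only if the next gateway and the datagram's
    source host are both on the network the datagram arrived from."""
    return dgram.src in arrival_net and next_hop in arrival_net

def redirect_recipient(dgram):
    """A Redirect is addressed to the IP source; the previous-hop gateway
    is not recorded in the header, so it cannot be the recipient."""
    return dgram.src

def host_can_use(host_net, new_gateway):
    """A host can only adopt a gateway it reaches directly on its own net."""
    return new_gateway in host_net

def evaluate(arrival_net, dgram, better_next_hop, host_net=LAN):
    """Return (sent under spec, recipient if sent anyway, usable by recipient)."""
    return (spec_allows_redirect(arrival_net, dgram, better_next_hop),
            redirect_recipient(dgram),
            host_can_use(host_net, better_next_hop))

pkt = Datagram(H, H_PRIME)
# Case 1: first-hop gateway G knows a better gateway on H's own LAN.
first_hop = evaluate(LAN, pkt, G2_LAN)
# Case 2: G'' receives pkt from G over TRANSIT and knows G' is the right hop.
intermediate = evaluate(TRANSIT, pkt, G_PRIME)

if __name__ == "__main__":
    print("first hop:   ", first_hop)
    print("intermediate:", intermediate)
```

In the intermediate case the recipient is still H, never G, and the advertised gateway is not on H's network, which is the gap the proposed ``Last Hop'' option is meant to close.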



This archive was generated by hypermail 2.0b3 on Thu Mar 09 2000 - 14:42:14 GMT