[ih] Exterior Gateway Protocol

tony.li at tony.li tony.li at tony.li
Fri Sep 4 15:13:34 PDT 2020


Jack,


> I haven't followed all of the subsequent routing ideas and
> implementations, but I assume they continue to use "in-band" designs. 
> So if you can read this message, the answer to that experimental
> question is apparently "Yes, it works!"


Yes, it works. Sorta.

In-band signaling was fine when we had a cooperative community.  Once the Internet hit the mainstream,
it has been seriously problematic. DoS attacks to all control protocols are the daily norm. Forgery of control traffic is
trivial and easy. We’ve had to put hardware in place to help alleviate some of these symptoms.

ICMP is frequently used for DoS attacks, so most folks block it. This renders PMTUD ineffective.

Net net: the decision to go to in-band signaling needed to be coupled with a decision to secure signaling,
either by crypto or by piggybacking it on the transport protocol itself (with crypto there too). 
And again, an overall security architecture is sorely missing.

Regards,
Tony



