Re: [RAM] Tunnelling Route Reduction Protocol
On 8/22/07, Noel Chiappa <jnc at mercury.lcs.mit.edu> wrote:
> > Wouldn't that be 49.95%? Half of all first packets tend to be responses
> > such as SYN/ACK that involve no DNS lookup. For a server handling
> > thousands of requests per second, adding a lookup means holding
> > thousands of TCBs in a wait state for the duration of the lookup.
>
> True, but there's an obvious path to take in looking for delay improvements,
> which is to 'piggyback' the reverse mapping information on the connection
> opening.
Hi Noel,
I considered such an approach. There are several potential problems
but the most serious is authentication. I can generally trust a
response to my own query that followed the authoritative server chain.
Theoretically a man-in-the-middle attack is possible, but
operationally it has proven to be a non-issue. I can never trust data
encoded in a random received packet to give me a valid route to a
particular destination without first applying a fairly elaborate
authentication scheme.
Regards,
Bill Herrin
--
William D. Herrin herrin at dirtside.com bill at herrin.us
3005 Crane Dr. Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
_______________________________________________
RAM mailing list
RAM at iab.org
https://www1.ietf.org/mailman/listinfo/ram