Loose Source Routing

What are people's feelings on loose source routing? The general
sentiment around here is that it is a very evil thing. The reason I ask
is that there is a certain network out there (who will remain nameless)
who refuses to peer unless loose source routing is enabled. I can
somewhat understand their reasoning (they can reroute traffic on OUR
network as necessary) but the security implications far outweigh the
benefits. Not only this, I'm not comfortable with an outside source
having control over routing on our network anyway.
-Dave

Huh?

  The reason to permit this is to verify peering policy. This
allows people to traceroute to verify packet path. Example:
I announce 172.16.0.0/16 only. I want to verify that you are not
pointing default at me, so I can do a loose source
traceroute to 10.0.0.0 via the peering point.

  Most people's peering policies that I'm aware of only required that
it be enabled at the edge (peering/nap router).

  - Jared

It makes sense to require peers to allow LSTR through their peer's
  networks.

  Any badness that LSTR would allow seems to pale in comparison to A>
  Peer's need to check policy compliance and operational troubleshooting,
  and B> other nefarious things that can be done and not solved.

  -a

Thus spake David McGaugh (david_mcgaugh@eli.net)
on or about Tue, Mar 06, 2001 at 09:49:47AM -0800:

What are people's feelings on loose source routing? The general
sentiment around here is that it is a very evil thing. The reason I ask
is that there is a certain network out there (who will remain nameless)
who refuses to peer unless loose source routing is enabled. I can
somewhat understand their reasoning (they can reroute traffic on OUR
network as necessary) but the security implications far outweigh the
benefits. Not only this, I'm not comfortable with an outside source
having control over routing on our network anyway.
-Dave
--
+------------------------------+
Dave McGaugh, CCNA
Peering & IP Backbone Engineer
Electric Lightwave, Inc.
E-mail: dmcgaugh@eli.net
Direct Dial: 360.816.3718
Fax: 360.816.3522
+------------------------------+


What are people's feelings on loose source routing? The general
sentiment around here is that it is a very evil thing. The reason I ask
is that there is a certain network out there (who will remain nameless)
who refuses to peer unless loose source routing is enabled. I can
somewhat understand their reasoning (they can reroute traffic on OUR
network as necessary)

false. the reason is that our noc can debug your routing problem without
going through the problems of getting intelligent cooperation from your
noc.

randy

Thanks for all the great input, minus the somewhat uncivil comments of
some!
-Dave

Randy Bush wrote:

false. the reason is that our noc
can debug your routing problem without
going through the problems of getting
intelligent cooperation from your noc.

randy

Couldn't this be restricted to originate from certain
hosts with certain identities? (Have the peer noc
authenticate and then just log usage?)

One side gains troubleshooting and policy verification
the other gets non-repudiation and an audit trail.

-bradly
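
Added example, not part of any poster's message: a sketch of the restriction suggested above, where source-routed packets are accepted only from an allowlist of peer NOC hosts and every use is recorded. The option types (LSRR 131, SSRR 137) are from RFC 791; the function names, the allowlist and all addresses are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address, ip_network

LSRR, SSRR = 131, 137  # IPv4 source-route option types (RFC 791)

def source_route_option(packet: bytes):
    """Return (kind, [route addresses]) for the first LSRR/SSRR option, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if not 20 <= ihl <= len(packet):
        raise ValueError("bad header length")
    opts, i = packet[20:ihl], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:          # End of Option List
            break
        if kind == 1:          # No-Operation is a single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed option")
        length = opts[i + 1]
        if kind in (LSRR, SSRR):
            data = opts[i + 3:i + length]   # skip type, length, pointer
            hops = [str(IPv4Address(data[j:j + 4]))
                    for j in range(0, len(data) - 3, 4)]
            return ("LSRR" if kind == LSRR else "SSRR", hops)
        i += length
    return None

def audit(packet: bytes, allowed_sources):
    """Return an audit record (with permit/deny) for a source-routed packet, else None."""
    found = source_route_option(packet)
    if found is None:
        return None  # ordinary packet, outside this policy
    src = IPv4Address(packet[12:16])
    ok = any(src in ip_network(net) for net in allowed_sources)
    return {"src": str(src), "option": found[0], "hops": found[1],
            "action": "permit" if ok else "deny"}

def build_packet(src, dst, hops):
    """Constructed sample: bare IPv4 header with an LSRR option, checksum left zero."""
    route = b"".join(IPv4Address(h).packed for h in hops)
    opt = bytes([LSRR, 3 + len(route), 4]) + route
    opt += b"\x00" * (-len(opt) % 4)        # pad options to a 32-bit boundary
    hdr = struct.pack("!BBHHHBBH4s4s", 0x40 | (20 + len(opt)) // 4, 0, 20 + len(opt),
                      0, 0, 64, 1, 0, IPv4Address(src).packed, IPv4Address(dst).packed)
    return hdr + opt
```

The returned record is what would be written to the log, giving the audit trail; the permit/deny decision is the edge-router restriction.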