On Dec 4, 2018, at 11:00 PM, David Farmer <[email protected]> wrote:
>> Punting stuff to be processed by the same CPU that processes the routing
>> table worked for a while. There is no rule that says routers can’t have
>> multiple CPUs, some of which are dedicated to handling the control plane and
>> others that deal with everything else that has been punted. Design the
>> router so that the control plane doesn’t get overloaded and the exceptional
>> packets get handled.
>>
>> Generating PTBs shouldn’t be seen as exceptional. Fragmented packets
>> shouldn’t be seen as exceptional.
>
> Even if I agree that is the way routers SHOULD be designed today, I'm not
> aware of any that are designed that way.
>
> Further, even if all new routers shipped from today on were designed that
> way, which they are not, it would easily take a decade or more for all the
> old legacy routers to fade away on the Internet. Those are facts we have to
> work with.

Then THAT is the security issue. Not the packets that cause a broken
implementation to have problems.

Joe