Re: Autonomous System Sanity Protocol
Noel Chiappa <jnc@ginger.lcs.mit.edu> Tue, 29 April 1997 19:50 UTC
Date: Tue, 29 Apr 1997 15:29:56 -0400
From: Noel Chiappa <jnc@ginger.lcs.mit.edu>
Message-Id: <9704291929.AA07733@ginger.lcs.mit.edu>
To: jnc@ginger.lcs.mit.edu, tli@jnx.com
Subject: Re: Autonomous System Sanity Protocol
Cc: RADIA_PERLMAN@novell.com, big-internet@munnari.oz.au, jnc@ginger.lcs.mit.edu
Precedence: bulk
    From: Tony Li <tli@jnx.com>

    > see my message about how that's more efficient, in practise, in
    > an MD system

    Sorry, I read your message. I found nothing there that says squat
    about that.

Well, here's a high-level look at the issue of which is more efficient when you want to secure them.

It's a characteristic of MD systems, as opposed to DV systems, that they i) ship less data around, and ii) use more local computational resources. This makes sense, since DV uses a distributed algorithm for doing path-selection, whereas MD doesn't; it uses multiple local algorithms. So, you expect DV to both i) ship more information around, as partial results of the distributed algorithm, and ii) use less local computational resources.

However, this tradeoff comes back to bite you when you want to secure the two architectures. Data that comes in from the net you have to verify - whereas you can generally trust your local computations not to be subverted. So, the general characteristics of DV work against it when you want to secure such a system, in that you have to add security overhead to the thing it uses a lot of, i.e. communication outside the box. OTOH, MD systems use sparingly the thing you have to secure.

I don't see any point to repeating the details all over again; if it's not already obvious that the single (well, it may be two, if a router-router link fails), small, connectivity updates generated in MD systems when a topology change occurs almost *has* to be less data than a number of (and potentially very numerous) routing table entries generated by a DV system, I don't know what else to say.

Second order effects like each routing table update in a path vector system being potentially even more expensive to process due to the need to check each element in the path, we can leave for now - I'm still puzzling over the conflicting interaction between i) the ability to cache previous results, and ii) the desire to protect against replays (see my recent message to Steve Kent on the IETF list).

    > But this is all just intellectual fun - fixing any DV system is a waste
    > of time, I think.

    So much for dealing with reality. Call me when you return to earth, eh?

Our opinions differ as to the utility of further work on DV and MD approaches. Also, I don't feel any to deride people who can't understand that DV is a dead end. I wish everyone could see it as plainly as I (and others) do, but I don't know what else I can do except patiently keep explaining it.

On a side note, until quite recently, I used to get very upset when I saw people in the IETF (and predecessors) doing something that I just *knew* was technically ill-advised, (e.g. IPv6), but I've come to understand that it doesn't do any good to bang my head on the wall, or get upset about it. It doesn't do anyone any good, least of all me. I just have to be patient and wait.

	Noel
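The verification accounting argued in the message above, as an added example that is not part of the original post: a constructed two-site topology loses its primary link, and the script counts the signed items routers must verify under map distribution versus a path-vector DV scheme, including the per-path-element checks mentioned as a second-order effect. The topology, the function names and the cost model (steady-state route diff, one verification per unique flooded update, no transient convergence traffic) are assumptions.

```python
from collections import deque

def build(links):
    """Adjacency map from an undirected link list."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj

def paths_from(adj, src):
    """BFS shortest path (tuple of routers) from src to each reachable router."""
    best = {src: (src,)}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        for nbr in sorted(adj[node]):      # sorted: deterministic tie-break
            if nbr not in best:
                best[nbr] = best[node] + (nbr,)
                queue.append(nbr)
    return best

def md_cost(adj, failed):
    """MD: each end of the failed link floods one signed update; every other router verifies it once."""
    return sum(1 for origin in failed for r in adj if r != origin)

def dv_cost(before, after):
    """Path vector: each changed route is re-sent to every neighbour, which verifies it and its path."""
    entries = elements = 0
    for r in after:
        old, new = paths_from(before, r), paths_from(after, r)
        for dest, path in new.items():
            if dest != r and old.get(dest) != path:
                entries += len(after[r])               # one signed entry per neighbour
                elements += len(after[r]) * len(path)  # each path element checked
    return entries, elements

# Constructed topology (assumption): hubs A and B with four leaf routers each,
# primary link A-B, backup link a1-b1.
LINKS = [("A", "B"), ("a1", "b1")]
LINKS += [("A", f"a{i}") for i in range(1, 5)]
LINKS += [("B", f"b{i}") for i in range(1, 5)]
FAILED = ("A", "B")

def compare():
    before = build(LINKS)
    after = build([l for l in LINKS if l != FAILED])
    return md_cost(after, FAILED), dv_cost(before, after)

if __name__ == "__main__":
    print("MD verifications, (PV entries, PV path elements):", compare())
```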