[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: 16 year old bug
On Aug 24, 2010, at 12:02 42AM, der Mouse wrote:
>> Was [running my house LAN with a noncontiguous netmask], for
>> practical purposes, unsupportable? Was it something likely to cause
>> subtle bugs all over the networking stack? Was it something
>> obsoleted more or less 20 years ago? All yes.
> Actually, no.
> Unsupportable? I don't see anything unsupportable about it. Every
> system I tried (which admittedly wasn't all that many) supported it
> fine. Even today, I tried NetBSD 4.0.1 (the most recent I have easy
> admin access to) and it appeared to support it as well as whatever I
> was using at the time did - though admittedly I didn't actually verify
> that packets were routed the way the resulting routing table implied.
> Likely to cause bugs? Nonsense. Likely to expose existing bugs,
> perhaps. Do you not consider exposing existing bugs a good thing?
> I know I certainly do.
> Obsoleted 20 years ago? Perhaps. Strikes me as pretty functional and
> useful for an "obsoleted" feature. Besides, this _was_ 20 years ago -
> well, actually more like 15±5; I didn't have much of a house LAN
> before maybe 1991, and I stopped using the address space this was
> embedded in sometime around 2000-2001.
The problem is, as has been noted, the lack of a good definition of the routing
table with mixed prefixes. If everyone uses a mask of, say, 0xA596695A, it all
just works. But if some routers use 0xA95696A5 and others use 0xA596695A, the
semantics are unclear.
Variable-length masks are not simply a matter of the enterprise/ISP boundary.
They can and do occur within an organization. My own department has at least 3
different prefix lengths. And that problem is old -- I'm sure other folks
who've been in this racket for a while remember the SUBNETSARELOCAL kernel
Non-contiguous masks can indeed be useful, albeit only in specialized
topologies and networks. I could have used them in a paper I published just
1.5 years ago. The trouble is that they conflicted with the routing table
definition necessary for CIDR, and CIDR was and is necessary for the survival
of the Internet.
None of this, however, has any relationship to what the original poster said,
which is that the current code is also used in IPsec and has a performance bug.
And *that* is completely unrelated to whether or not non-contiguous masks are
a good idea!
--Steve Bellovin, http://www.cs.columbia.edu/~smb
Main Index |
Thread Index |