Re: 16 year old bug

To: der Mouse <mouse%Rodents-Montreal.ORG@localhost>
Subject: Re: 16 year old bug
From: Steven Bellovin <smb%cs.columbia.edu@localhost>
Date: Tue, 24 Aug 2010 00:18:00 -0400

On Aug 24, 2010, at 12:02 42AM, der Mouse wrote:

>> Was [running my house LAN with a noncontiguous netmask], for
>> practical purposes, unsupportable?  Was it something likely to cause
>> subtle bugs all over the networking stack?  Was it something
>> obsoleted more or less 20 years ago?  All yes.
> 
> Actually, no.
> 
> Unsupportable?  I don't see anything unsupportable about it.  Every
> system I tried (which admittedly wasn't all that many) supported it
> fine.  Even today, I tried NetBSD 4.0.1 (the most recent I have easy
> admin access to) and it appeared to support it as well as whatever I
> was using at the time did - though admittedly I didn't actually verify
> that packets were routed the way the resulting routing table implied.
> 
> Likely to cause bugs?  Nonsense.  Likely to expose existing bugs,
> perhaps.  Do you not consider exposing existing bugs a good thing?
> I know I certainly do.
> 
> Obsoleted 20 years ago?  Perhaps.  Strikes me as pretty functional and
> useful for an "obsoleted" feature.  Besides, this _was_ 20 years ago -
> well, actually more like 15±5; I didn't have much of a house LAN
> before maybe 1991, and I stopped using the address space this was
> embedded in sometime around 2000-2001.

The problem is, as has been noted, the lack of a good definition of the routing 
table with mixed prefixes.  If everyone uses a mask of, say, 0xA596695A, it all 
just works.  But if some routers use 0xA95696A5 and others use 0xA596695A, the 
semantics are unclear.

Variable-length masks are not simply a matter of the enterprise/ISP boundary.  
They can and do occur within an organization.  My own department has at least 3 
different prefix lengths.  And that problem is old -- I'm sure other folks 
who've been in this racket for a while remember the SUBNETSARELOCAL kernel 
configuration option.

Non-contiguous masks can indeed be useful, albeit only in specialized 
topologies and networks.  I could have used them in a paper I published just 
1.5 years ago.  The trouble is that they conflicted with the routing table 
definition necessary for CIDR, and CIDR was and is necessary for the survival 
of the Internet.

None of this, however, has any relationship to what the original poster said, 
which is that the current code is also used in IPsec and has a performance bug. 
  And *that* is completely unrelated to whether or not non-contiguous masks are 
a good idea!

                --Steve Bellovin, http://www.cs.columbia.edu/~smb

Follow-Ups:
- Re: 16 year old bug
  - From: Johnny Billquist
- Re: 16 year old bug
  - From: der Mouse

References:
- Re: 16 year old bug
  - From: Dennis Ferguson
- 16 year old bug
  - From: Christoph Egger
- Re: 16 year old bug
  - From: Tom Spindler
- Re: 16 year old bug
  - From: der Mouse
- Re: 16 year old bug
  - From: Robert Elz
- Re: 16 year old bug
  - From: der Mouse
- Re: 16 year old bug
  - From: Perry E. Metzger
- Re: 16 year old bug
  - From: der Mouse

Prev by Date: Re: 16 year old bug
Next by Date: Re: 16 year old bug
Previous by Thread: Re: 16 year old bug
Next by Thread: Re: 16 year old bug
Indexes:

Home | Main Index | Thread Index | Old Index