Subject: Re: making our tcp/ip a strong-end system
To: None <Havard.Eidnes@runit.sintef.no>
From: Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>
List: tech-net
Date: 11/18/1998 10:43:32

> Hm, if I have understood what the "strong host model" is about, I
> think there is a place for a "strong router model" too. The
> corresponding function in a router would be to refuse to forward
> a packet entering an interface if the router did not have a route
> for the source address in the packet pointing back out the same
> interface the packet entered on.

two comments:

1) I'd call that a "leaf router" (or maybe "branch router") model, as
it assumes symmetric routing, which isn't a reasonable assumption in
the presence of redundant paths.

2) "leaf-router" vs. "strong host" vs. .. status should be on a
per-interface basis.

example:

my `router' has four interfaces:
  - ep0, connected to MediaOne as a `host'
  - ex0, connected to my home ethernet
  - wl0, connected to my home wireless net
  - ppp0, a tunnel endpoint.
    (for a PPP-over-SSH tunnel to my employer's net,
    which goes out over ep0...)

ep0 should be a `strong host' interface; i don't want someone
to be able to forge traffic into my home LANs just because
they know the external address of my router..

i need to route between the nets hooked up to wl0 and ex0,
but both of them are leaf nets..
- Bill
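
The per-interface input checks discussed in this message, sketched as an added example that is not part of the original post or of any kernel code. The interface names come from the message; every address, prefix and mode label is constructed for illustration, and ppp0 is left unchecked because the message assigns it no mode.

```python
import ipaddress as ip

# Constructed topology (assumption): addresses and prefixes are examples only.
LOCAL = {"ep0": "192.0.2.10", "ex0": "10.0.1.1",
         "wl0": "10.0.2.1", "ppp0": "172.16.0.2"}
ROUTES = [  # (prefix, outgoing interface)
    ("0.0.0.0/0", "ep0"),
    ("10.0.1.0/24", "ex0"),
    ("10.0.2.0/24", "wl0"),
    ("172.16.0.0/12", "ppp0"),
]
# Hypothetical mode labels, one per interface as the message suggests.
MODE = {"ep0": "strong-host", "ex0": "leaf-router", "wl0": "leaf-router"}


def route_iface(addr):
    """Longest-prefix match: interface the router would use to reach addr."""
    a = ip.ip_address(addr)
    matches = [(ip.ip_network(p).prefixlen, ifc)
               for p, ifc in ROUTES if a in ip.ip_network(p)]
    return max(matches)[1] if matches else None


def check(in_if, src, dst):
    """Return 'deliver', 'forward' or 'drop' for a packet received on in_if."""
    mode = MODE.get(in_if, "unchecked")
    if mode == "strong-host":
        # Host-only interface: accept only packets addressed to this
        # interface's own address and never forward what arrives on it.
        return "deliver" if dst == LOCAL[in_if] else "drop"
    if mode == "leaf-router" and route_iface(src) != in_if:
        # The route back to the source does not leave by the arrival
        # interface, so on a leaf net the source address is not plausible.
        return "drop"
    if dst in LOCAL.values():
        return "deliver"
    return "forward" if route_iface(dst) else "drop"


if __name__ == "__main__":
    samples = [  # constructed packets: (arrival interface, source, destination)
        ("ep0", "198.51.100.7", "192.0.2.10"),  # outside host to router itself
        ("ep0", "198.51.100.7", "10.0.1.5"),    # outside host aimed at home LAN
        ("ex0", "10.0.1.5", "10.0.2.9"),        # ethernet host to wireless host
        ("wl0", "10.0.1.5", "10.0.1.9"),        # ethernet source seen on wireless
    ]
    for pkt in samples:
        print(pkt, "->", check(*pkt))
```

The leaf-router branch relies on symmetric routing, which is why it is applied only to ex0 and wl0 here and not to an interface with redundant paths behind it.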