Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!mailrus!ames!pasteur!ucbvax!NCNOC.TUCC.EDU!jrr
From: jrr@NCNOC.TUCC.EDU (Joe Ragland)
Newsgroups: comp.sys.proteon
Subject: Re: p4200 routing
Message-ID: <8812291544.AA11625@ncnoc.tucc.edu>
Date: 29 Dec 88 15:44:32 GMT
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 44

p4200 folks,

I think I am ready to draw this recent discussion to an end, or at least my participation in it, by saying thanks to all who took their time to give us their input. Also, I've learned some things I'd like to share with you.

When I was drug into the IP world I was first told that one of the most important functions of a gateway was the firewall function. It protects your network from mine and my network from yours and forwards only those packets or datagrams that meet some test of conformity and validity. Then, there was no definitive document that detailed what is involved in the process, only general notions of routing and some discussion of various protocols involved. Now we have RFC-1009 and I am pleased it is explicit in marking packets addressed to net 127 as bogons to be short circuited at the gateway.

When RFC-1009 came out I retrieved a copy, printed a copy, and then set it aside saying I should read it some day when I get the time. My thinking then was that this RFC is important to those designing gateways and writing code for such purposes but since I am doing neither it is of less importance to me. That was a mistake. If I had read it I at least might have remembered some reference to net 127. What I reacted to was a crack in the p4200 firewall.

As I reflect on this discussion I come to the conclusion that all of us involved directly in the gateway game need to read RFC-1009 carefully. It is up to those of us with networking responsibilities to enforce standards and requirements as they evolve by insisting that vendors have met those standards when we are out to procure the next set of gateway boxes. Otherwise, Braden and Postel have wasted their time and we are in for a heap of trouble down the road trying to interoperate, especially in view of plans for NSFNET, RIB, DRI, various agency and academic networks.

In general the p4200 does a good job of firewalling and a nice job of reporting events in this regard. It could use a bit more attention in this respect so I trust someone at Proteon is listening. I'd be surprised if Cisco and other gateway vendors don't read comp.sys.proteon too, so there is some message here I think for all.

Happy gatewaying in the new year.

Joe