OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Alex Zinin (azininNEXSI.COM)
Date: Thu Oct 25 2001 - 15:23:56 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Venkata,

     I can't say I'm a big expert in voice technologies, but I
     think this goes more towards the question of QoS-requirements
     for VoIP. If we don't consider this aspect (and thus make
     this discussion purely hypothetical), there's nothing that
     prevents an IP packet together with its contents to be sent
     over an X.25 cloud. From IP standpoint, X.25 is yet another
     encapsulation method.

     Realistically, legacy X.25 networks would hardly (gently put)
     meet the 150ms delay requirement (not speaking about BW management,
     voice/data prioritization and frame interleaving), so
     the VoIP/X.25 idea itself seems very questionable to me from
     the voice quality perspective. 

    --
Alex Zinin

    Wednesday, October 24, 2001, 4:25:58 PM, Naidu, Venkata wrote:

    > Alex:

    >    A small off-topic clarification, I should have correlated
>    "VoIP and X.25" and definitely not "just IP". We can and do
>    send VoIP over just about every link layer we know of, apart
>    from X.25. I don't know about current status in SIP/H.323 -
>    do you agree?

    > --Venkata Naidu

    ->> Venkata,
->>
->>   An off-topic: IP does run over X.25, I helped building at
->>   least 3 of these :)
->>
->> --
->> Alex Zinin
->>
->> Tuesday, October 09, 2001, 7:17:35 AM, Naidu, Venkata wrote:
->>
->> > Swati:
->>
->> >   More over, (apart from L2 code points) most of the link
->> >   layers don't provide fragmentation and reassembly services.
->>
->> >   IP (not as a protocol but as a technology) supports
->> >   virtually all Layer 2s (except X.25). So the protocols
->> >   running over IP need not worry about services offered
->> >   by IP. There are definite (dis)advantages if we run OSPF
->> >   directly over L2 but advantages over weight. (for example,
->> >   virtual links are not possible if we run OSPF over L2)
->>
->> >   Refer to John Moy's book section 3.2 Design Decisions.
->>
->> > --Venkata Naidu
->>
->> ->> Seema,
->> ->> This is true when you have one spurious OSPF packet. But
->> ->> what when you have
->> ->> hundreds of compromised hosts sending such freak OSPF
->> ->> packets ? With IS-IS
->> ->> or a protocol running over data link layer we can never
->> ->> inject packets
->> ->> multiple hops away!
->> ->>
->> ->> And regarding multicasting, we multicast IS-IS packets
->> ->> within an area.
->> ->>
->> ->> Regards,
->> ->> Swati
->> ->>
->> ->> > Hi Swati,
->> ->> >
->> ->> > Since all OSPF packets can be authenticated, all spurious
->> ->> OSPF packets
->> ->> > can be dropped and not much of time is spent processing
->> ->> these packets.
->> ->> >
->> ->> > As for running OSPF directly over data link layer, this
->> ->> has the inherent
->> ->> > problem where you need to provide code points to access
->> ->> OSPF for each of
->> ->> > the data link protocol types. For eg ( Frame-relay,
->> ->> Ethernet, ATM, PPP
->> ->> > etc). This is one of the reasons why OSPF is run over
->> IP directly.
->> ->> >
->> ->> > The other obvious advantage of running over IP is the
->> ->> ability to use IP
->> ->> > multicast when running over broadcast networks.
->> ->> >
->> ->> > /Seema
->> ->> >
->> ->> >
->> ->> >
->> ->> > Swati Rastogi wrote:
->> ->> > >
->> ->> > > Hi,
->> ->> > > We can inject spurious OSPF packets destined to a router
->> ->> multiple hops
->> ->> away
->> ->> > > as it runs on top of IP. I can send an OSPF packet from
->> ->> my desktop to
->> ->> some
->> ->> > > router in some remote corner of the world [if i have its
->> ->> IP address].
->> ->> This
->> ->> > > way i can combine a lot of compromised systems to inject
->> ->> such malformed
->> ->> OSPF
->> ->> > > packets and bombard them to a vulnerable victim. This
->> ->> way i can exploit
->> ->> the
->> ->> > > protocol wherein some amount of time would be spent in
->> ->> processing all
->> ->> such
->> ->> > > spurious packets.
->> ->> > >
->> ->> > > All this is because i run OSPF over IP, the upside is
->> ->> that we have
->> ->> virtual
->> ->> > > links in OSPF.
->> ->> > >
->> ->> > > Why not design a link state routing protocol which runs
->> ->> over data link
->> ->> layer
->> ->> > > [something similar to ISIS]. This way i may not be able
->> ->> to support
->> ->> virtual
->> ->> > > links but i am protecting myself from such noxious
->> attacks. What
->> ->> advantages
->> ->> > > does OSPF offer in running over IP, except probably that
->> ->> it doesn't need
->> ->> to
->> ->> > > take care of fragmentation, etc.
->> ->> > >
->> ->> > > Regards,
->> ->> > > Swati
->> ->> > >
->> ->> > > _________________________________________________________
->> ->> > > Do You Yahoo!?
->> ->> > > Get your free yahoo.com address at http://mail.yahoo.com
->> ->> >
->> ->> > --
->> ->> > S Seema Rao                             seemaraolucent.com
->> ->> > Infosys - India Development Team        Phone Office:
->> ->> 91-80-8520902 Ext:
->> ->> 6354
->> ->>
->> ->>
->> ->> _________________________________________________________
->> ->> Do You Yahoo!?
->> ->> Get your free yahoo.com address at http://mail.yahoo.com
->> ->>
->>
->>