As is known, each object in a distributed CS must have an address that uniquely identifies it. For a message from one object to be delivered to another object in the system, it must pass through a chain of routers, whose task is to analyze the destination address in the message, select the optimal route and, based on it, forward the packet either to the next router or directly to the subscriber, if the subscriber is directly connected to that node.
Thus, the route to the object is a chain of nodes traversed by the message.
On the one hand, this task can be solved by introducing additional identification of messages at another, higher OSI layer. Thus, addressing is carried out at the network layer, and additional identification at, for example, the transport layer. However, this solution does not avoid the problem of control over the creation of connections, since additional identification of subscribers is possible only after the connection has been established.
Therefore, the developers of a distributed CS can be offered the following solutions to the problem.
In the first case, the function of checking the authenticity of the sender's address can be assigned to the router. This is easy to do, because the router can track where a packet came from (from another router, or from a host on one of the subnets directly connected to this router).
The router can check that the sender's address matches the address of the subnet from which the message arrived. If it matches, the message is sent on; otherwise it is filtered out.
This method allows packets with invalid sender addresses to be dropped at the initial stage. Another variant of the solution is to create a special field in the packet header, into which each router that the packet passes through enters routing information (part of its address, for example).
In this case, the first router that receives the packet records information about the class of network (A, B, C) from which the packet came. Nevertheless, entering into the packet the addresses of all the routers traversed along the path is a suboptimal solution, since in this case it is difficult to determine in advance the maximum size of the packet header.
When the message reaches its final destination, the route it has travelled will be fully recorded in the header. From this route, regardless of the sender's network address specified in the packet, it is possible, first, to verify the authenticity of the address to within a subnet and, second, to determine the true subnet address exactly. So, having received such a message with the route recorded in it, the network operating system analyzes the route and verifies the authenticity of the sender.
If the sender proves to be unreliable, the packet is discarded.
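The two checks described above, sketched as an added example that is not part of the original text: a first-hop router that either filters on the arrival subnet or records that subnet in the header, and a destination that compares the claimed sender with the recorded subnet. The interface names, the `origin_subnet` header field and all addresses are constructed assumptions.

```python
import ipaddress

# Constructed topology: interface -> directly connected subnet.
# None marks a link to another router, where the origin subnet is not known.
INTERFACES = {
    "eth0": ipaddress.ip_network("192.0.2.0/24"),
    "eth1": ipaddress.ip_network("198.51.100.0/24"),
    "wan0": None,
}

def first_hop_router(packet, in_iface, filter_on_ingress=True):
    """Return the packet to forward, or None if it is filtered out."""
    subnet = INTERFACES[in_iface]
    if subnet is None:
        # Came from another router: the first router on the path
        # was the one able to check the sender's address.
        return packet
    genuine = ipaddress.ip_address(packet["src"]) in subnet
    if filter_on_ingress and not genuine:
        return None  # first solution: drop at the initial stage
    stamped = dict(packet)
    # Second solution: record where the packet really entered the network.
    # Any value the host supplied in this (hypothetical) field is overwritten.
    stamped["origin_subnet"] = str(subnet)
    return stamped

def destination_accepts(packet):
    """Check the claimed sender against the subnet recorded in the header."""
    origin = packet.get("origin_subnet")
    if origin is None:
        return False  # no route information, so the sender cannot be verified
    return ipaddress.ip_address(packet["src"]) in ipaddress.ip_network(origin)

# Constructed sample packets arriving on eth0.
GENUINE = {"src": "192.0.2.10", "dst": "198.51.100.7"}
SPOOFED = {"src": "203.0.113.5", "dst": "198.51.100.7",
           "origin_subnet": "203.0.113.0/24"}  # forged by the sending host

if __name__ == "__main__":
    print(first_hop_router(SPOOFED, "eth0"))
    relayed = first_hop_router(SPOOFED, "eth0", filter_on_ingress=False)
    print(relayed, destination_accepts(relayed))
```

Recording only the entry subnet keeps the header field a fixed size, which is the concern the text raises about storing every router on the path.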