North American Network Operators Group
Re: New router feature - icmp error source-interface [was: icmp rpf]
On Sep 25, 2006, at 5:40 PM, Richard A Steenbergen wrote:
I have not read the RFC in full, but after chatting with Daniel offline (see, some people actually do talk without posting! :), I believe this only applies to packets addressed to the router.
On Mon, Sep 25, 2006 at 09:22:34AM -0400, Patrick W. Gilmore wrote:
You know I was just having this discussion with someone else a couple days
On Sep 25, 2006, at 9:06 AM, Ian Mason wrote:
Who thinks it would be a "good idea" to have a knob such that ICMP
ICMP packets will, by design, originate from the incoming interface used by the packet that triggers the ICMP packet. Thus giving an interface an address is implicitly giving that interface the ability to source packets with that address to potentially anywhere in the Internet. If you don't legitimately announce address space then sourcing packets with addresses in that space is (one definition of) spoofing.
Since packets going -through- the router have absolutely no guarantee what source will be used coming back, I don't see an issue here. Just change the idea such that it only is used for error messages to packets where the dest addy is not an interface on the router.
Also, this makes traceroute -easier- to use. Suddenly all interfaces on the same router have the same IP address, thereby making it easy to tell if two traceroutes intersect, even if they use different interfaces.
Oh, and who said RFCs can't be updated? :-)
Please stop talking about networking on NANOG, you're confusing people. :)
(Unless, of course, I get 726384 "you are off-topic" replies, in which case I withdraw the suggestion.)
I knew someone would flame me for it. :)
--
TTFN,
patrick