
Mailing List Archive: NANOG: users

IPv4 Router Alert Option

 

 



rbonica at juniper

May 23, 2008, 12:00 PM

Post #1 of 5 (466 views)
IPv4 Router Alert Option

Folks,

It is my belief that many ISPs will not accept datagrams containing the
Router Alert IP option from customers. Do I have that right?

I am asking so that I might better evaluate Internet drafts that would
require ISPs to accept such packets.

Ron Bonica


rs at seastrom

May 23, 2008, 12:29 PM

Post #2 of 5 (437 views)
Re: IPv4 Router Alert Option [In reply to]

Ron Bonica <rbonica [at] juniper> writes:

> Folks,
>
> It is my belief that many ISPs will not accept datagrams containing the
> Router Alert IP option from customers. Do I have that right?

I think that in general, it is safe to say that most folks who run
Internet backbones do not care what options you have on IP packets and
are not filtering anyway. Heck, I've never encountered anything
beyond unicast RPF in terms of SP filtering, and even *that* is not
especially prevalent. If he's reading, Dave Katz will probably be
disappointed to hear that I couldn't even remember what that option
did without referring to RFC2113.

> I am asking so that I might better evaluate Internet drafts that would
> require ISPs to accept such packets.

Do these drafts actually exist, or are they merely hypothetical?

---rob


Valdis.Kletnieks at vt

May 23, 2008, 12:30 PM

Post #3 of 5 (434 views)
Re: IPv4 Router Alert Option [In reply to]

On Fri, 23 May 2008 15:00:02 EDT, Ron Bonica said:
> Folks,
>
> It is my belief that many ISPs will not accept datagrams containing the
> Router Alert IP option from customers. Do I have that right?
>
> I am asking so that I might better evaluate Internet drafts that would
> require ISPs to accept such packets.

What you're likely to find in *reality* is that ISPs will be more than happy
to pass the packets along, but the corporate/consumer firewalls in place
at the ISP's *customers* will stomp on the options (see all the ways that
mismanaged firewalls fail to do ingress/egress filtering of rfc1918 packets,
or think "ICMP Frag Needed" means "This ICMP needs to be fragged", or...).

And it doesn't really matter if it's the ISP or the end site that screws it
up - if it gets thrown away, it gets thrown away.

Unless you had an ISP-specific use for Router Alert, where end-customer
behavior doesn't matter?


morrowc.lists at gmail

May 23, 2008, 12:35 PM

Post #4 of 5 (434 views)
Re: IPv4 Router Alert Option [In reply to]

On Fri, May 23, 2008 at 3:30 PM, <Valdis.Kletnieks [at] vt> wrote:
> On Fri, 23 May 2008 15:00:02 EDT, Ron Bonica said:
>> Folks,
>>
>> It is my belief that many ISPs will not accept datagrams containing the
>> Router Alert IP option from customers. Do I have that right?
>>
>> I am asking so that I might better evaluate Internet drafts that would
>> require ISPs to accept such packets.
>
> What you're likely to find in *reality* is that ISPs will be more than happy
> to pass the packets along, but the corporate/consumer firewalls in place

s/pass the packets/pass the packets that don't harm their network devices/

> at the ISP's *customers* will stomp on the options (see all the ways that
> mismanaged firewalls fail to do ingress/egress filtering of rfc1918 packets,
> or think "ICMP Frag Needed" means "This ICMP needs to be fragged", or...).
>
> And it doesn't really matter if it's the ISP or the end site that screws it
> up - if it gets thrown away, it gets thrown away.
>
> Unless you had an ISP-specific use for Router Alert, where end-customer
> behavior doesn't matter?

Router-alert is blocked in many places. I believe (I'm fuzzy on this)
that some vendors allow you to ignore router-alert, which I think is
the preferred option for this option.

-Chris


sean at donelan

May 23, 2008, 2:59 PM

Post #5 of 5 (419 views)
Re: IPv4 Router Alert Option [In reply to]

On Fri, 23 May 2008, Ron Bonica wrote:
> It is my belief that many ISPs will not accept datagrams containing the
> Router Alert IP option from customers. Do I have that right?
>
> I am asking so that I might better evaluate Internet drafts that would
> require ISPs to accept such packets.

Depends on what you mean by the word "accept."

Transit backbone operators have been changing to the position of
protecting their router CPUs from user packets being punted up the
control plane.

If they can forward the packet without going up the control plane, I think
most transit backbones will "accept" the packet and ignore IP options like
Router Alert.

If someone writes a standard to require ISPs to do something besides
ignore an IP option and forward the packet, then you may see ISPs drop
packets instead of punting them to the control plane. For example,
packets with IP Source Route options.

Router# conf t
Router(config)# ip options ignore
Router(config)# exit
Router# write mem

As Chris mentions, packets with IP options are likely to have more
problems crossing firewalls/security devices or even simple
NAT/middle-boxes.

I don't remember who, but someone once suggested if we could go back
in time to the late 1970s and redo the Internet Protocol we would
get rid of all IP options and make IP addresses 64 bits and classless
from the beginning.
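
The ignore/drop/punt distinction discussed in this thread, as an added example that is not part of any original post: a Python sketch that walks the IPv4 header options, recognises Router Alert (type 148, RFC 2113) and the source-route options, and returns the action a hypothetical edge policy would take. The `classify` function, its policy names and the sample headers are assumptions constructed for illustration, and treating every optioned packet as a punt under `process` is a simplification.

```python
import socket
import struct

OPT_NAMES = {131: "LSRR", 137: "SSRR", 148: "Router Alert"}  # RFC 791, RFC 2113

def build_header(options: bytes = b"") -> bytes:
    """Constructed sample IPv4 header (checksum left at 0, not validated here)."""
    options += b"\x00" * (-len(options) % 4)          # pad with End-of-List
    ihl = 5 + len(options) // 4
    return struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4, 0, 0, 64, 46, 0,
                       socket.inet_aton("192.0.2.1"),
                       socket.inet_aton("198.51.100.1")) + options

def ipv4_options(packet: bytes) -> list:
    """Return the option type numbers in an IPv4 header; ValueError if malformed."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    hlen = (packet[0] & 0x0F) * 4
    if hlen < 20 or hlen > len(packet):
        raise ValueError("bad IHL")
    area, i, found = packet[20:hlen], 0, []
    while i < len(area):
        opt = area[i]
        if opt == 0:                                   # End of Option List
            break
        if opt == 1:                                   # No-Operation, single byte
            i += 1
            continue
        if i + 1 >= len(area) or area[i + 1] < 2 or i + area[i + 1] > len(area):
            raise ValueError("bad option length")
        found.append(opt)
        i += area[i + 1]
    return found

def classify(packet: bytes, policy: str) -> tuple:
    """Hypothetical edge decision: policy is 'ignore', 'drop' or 'process'."""
    try:
        opts = ipv4_options(packet)
    except ValueError:
        return ("drop", ["malformed"])
    names = [OPT_NAMES.get(o, f"option {o}") for o in opts]
    if not opts:
        return ("forward", names)
    action = {"ignore": "forward-ignoring-options", "drop": "drop",
              "process": "punt-to-control-plane"}[policy]
    return (action, names)

ROUTER_ALERT = bytes([0x94, 0x04, 0x00, 0x00])         # type 148, length 4, value 0
LSRR = bytes([0x83, 0x07, 0x04]) + socket.inet_aton("203.0.113.1")  # constructed
```
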
