[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
ip options
:-)
----- Original Message ----
From: joel jaeggli <joelja at bogus.com>
To: Ron Bonica <rbonica at juniper.net>
Cc: nanog <nanog at nanog.org>
Sent: Wed, November 4, 2009 3:41:26 AM
Subject: Re: ip options
How about unused and/or private/local diffserve code points?
Ron Bonica wrote:
> Folks,
>
> I would love to see the IETF OPSEC WG publish a document on the pros and
> cons of filtering optioned packets.
>
> Would anybody on this list be willing to author an Internet Draft?
>
>? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? Ron
>? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? (co-director IETF O&M Area)
>
> Luca Tosolini wrote:
>> Experts,
>> out of the well-known values for ip options:
>>
>> X at r4# set ip-options ?
>> Possible completions:
>>? <range>? ? ? ? ? ? ? Range of values
>>? [? ? ? ? ? ? ? ? ? ? Open a set of values
>>? any? ? ? ? ? ? ? ? ? Any IP option
>>? loose-source-route? Loose source route
>>? route-record? ? ? ? Route record
>>? router-alert? ? ? ? Router alert
>>? security? ? ? ? ? ? Security
>>? stream-id? ? ? ? ? ? Stream ID
>>? strict-source-route? Strict source route
>>? timestamp? ? ? ? ? ? Timestamp
>>
>> I can only think of:
>> - RSVP using router-alert
>> - ICMP using route-record, timestamp
>>
>> But I can not think of any other use of any other IP option.
>> Considering the security hazard that they imply, I am therefore thinking
>> to drop them.
>>
>> Is any other ip options used by: ospf, isis, bgp, ldp, igmp, pim, bfd?
>> Thanks,
>> Luca.
>>
>>
>>
>
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
- References:
- ip options
- From: rbonica at juniper.net (Ron Bonica)
- ip options
- From: joelja at bogus.com (joel jaeggli)