[100929] in North American Network Operators' Group
Re: Another question on rfc1918
daemon@ATHENA.MIT.EDU (Randy Bush)
Fri Nov 23 18:55:13 2007
Date: Sat, 24 Nov 2007 02:54:03 +0300
From: Randy Bush <randy@psg.com>
To: Michael Painter <tvhawaii@shaka.com>
CC: nanog@merit.edu
In-Reply-To: <002401c82e1b$1aac6700$82067ece@DELL16>
Errors-To: owner-nanog@merit.edu
aloha michael,
i realize that good practice many not be general practice, but ...
lsr is encouraged at routers bordering with bgp peers for debugging
purposes, i.e. so that A may learn B's routing towards C without
calling/writing/bothering B's engineers.
but lsr really should be blocked at hosts, e.g.
# grep lsr /etc/ipfw.rules
add deny log all from any to any ipoptions ssrr,lsrr,rr
i am not aware of a similar common use case for ssr.
randy
