[104966] in North American Network Operators' Group


Re: Types of packet modifications allowed for networks

daemon@ATHENA.MIT.EDU (Darryl Ross)
Mon Jun 2 08:55:18 2008

Date: Mon, 02 Jun 2008 22:24:48 +0930
From: Darryl Ross <spam@afoyi.com>
To: "Darden, Patrick S." <darden@armc.org>
In-Reply-To: <CBE22E5FF427B149A272DD1DDE107524023684A1@EX2K3.armc.org>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org

Darden, Patrick S. wrote:
> --packet fragmentation due to inconsistent MTUs and/or bandwidth (e.g. moving from ATM at 150Mbps to a fractional DS3 at 3.088Mbps)

MTUs yes, bandwidth no. Bandwidth congestion at the boundary to a slower 
network will cause buffering and dropped packets, not a fragment. Trying 
to fit a jumbo frame packet into a standard MTU network _will_ (if the 
DF bit is not set).

> --ttl changes from hop to hop

Decrements, yes.

> --dest ip changes from hop to hop

Say what? The L2 address might change at each hop (e.g., MAC address of 
the next gateway in ethernet type networks) but the L3 destination 
address, which is the "destination IP", certainly doesn't. If it did, how 
would the packet ever get to where it was sent?

> --PAT/NAT changes in last network borders (e.g. routing traffic to appropriate endpoints (servers) or starting points (workstations))

NAT/PAT can occur at any point in the network, but is most common at the 
edges.

> --PAT/NAT changes in "last" host (e.g. it hits ext ip port 4443, gets changed to newip:443 and forwarded on)

Same.

> --firewall changes in buffer/mother network (e.g. protective network or DMZ)--these could be almost anything, most frequent would be morons who completely block ICMP--you should probably count anti-spam and anti-virus (layer 4 but affects layer 3 dramatically) but these are usually advertised features subscribed to by the customers (as opposed to secret "features" that only come out due to customer outrage)

This is rather common, especially things like resetting the QOS bits, 
clearing the DF flag, etc.

> --header checksum changes after contents changes (e.g. dip at a router)

TTL being decremented is enough.

Cheers
Darryl

-- 

Darryl Ross, VK5FUNE
Director, AFOYI, "Information Technology Solutions"
p +61 8 7127 1831
f +61 8 8425 9607
e darryl@afoyi.com
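
Added example, not part of the original message: a Python sketch of the header changes a plain routed hop makes, showing that the TTL decrement alone forces a new IPv4 header checksum while the destination address stays untouched. The addresses, IP ID and function names are constructed for illustration; the checksum patch uses the incremental update from RFC 1624.

```python
import struct

SRC = bytes([192, 0, 2, 1])       # constructed documentation addresses
DST = bytes([198, 51, 100, 7])

def checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of the 16-bit words."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_header(src: bytes, dst: bytes, ttl: int, df: bool = True) -> bytes:
    """Constructed 20-byte IPv4 header (no options), protocol TCP, length 40."""
    flags_frag = 0x4000 if df else 0
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234,
                      flags_frag, ttl, 6, 0, src, dst)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def is_valid(header: bytes) -> bool:
    """With a correct checksum in place, the recomputed value is 0."""
    return checksum(header) == 0

def forward(header: bytes) -> bytes:
    """One routed hop: decrement TTL and patch the checksum incrementally."""
    if header[8] <= 1:
        raise ValueError("TTL expired: drop, send ICMP time exceeded")
    old_word = struct.unpack("!H", header[8:10])[0]  # TTL and protocol share a word
    new_word = old_word - 0x0100                     # TTL is the high byte
    old_sum = struct.unpack("!H", header[10:12])[0]
    # RFC 1624 eqn. 3: HC' = ~(~HC + ~m + m')
    total = (~old_sum & 0xFFFF) + (~old_word & 0xFFFF) + new_word
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    new_sum = ~total & 0xFFFF
    return header[:8] + struct.pack("!HH", new_word, new_sum) + header[12:]

if __name__ == "__main__":
    before = build_header(SRC, DST, ttl=64)
    after = forward(before)
    changed = [i for i in range(20) if before[i] != after[i]]
    print("byte offsets changed by one hop:", changed)  # TTL and checksum bytes only
    print("checksum still valid:", is_valid(after))
```
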

