[119007] in North American Network Operators' Group
Re: ip options
daemon@ATHENA.MIT.EDU (isabel dias)
Wed Nov 4 09:55:41 2009
Date: Wed, 4 Nov 2009 06:54:43 -0800 (PST)
From: isabel dias <isabeldias1@yahoo.com>
To: joel jaeggli <joelja@bogus.com>, Ron Bonica <rbonica@juniper.net>
In-Reply-To: <4AF0F7E6.7040809@bogus.com>
Cc: nanog <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
:-)=0A=0A=0A=0A----- Original Message ----=0AFrom: joel jaeggli <joelja@bog=
us.com>=0ATo: Ron Bonica <rbonica@juniper.net>=0ACc: nanog <nanog@nanog.org=
>=0ASent: Wed, November 4, 2009 3:41:26 AM=0ASubject: Re: ip options=0A=0AH=
ow about unused and/or private/local diffserve code points?=0A=0A=0ARon Bon=
ica wrote:=0A> Folks,=0A> =0A> I would love to see the IETF OPSEC WG publis=
h a document on the pros and=0A> cons of filtering optioned packets.=0A> =
=0A> Would anybody on this list be willing to author an Internet Draft?=0A>=
=0A>=A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =
=A0 =A0 Ron=0A>=A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =
=A0 =A0 =A0 =A0 (co-director IETF O&M Area)=0A> =0A> Luca Tosolini wrote:=
=0A>> Experts,=0A>> out of the well-known values for ip options:=0A>>=0A>> =
X@r4# set ip-options ? =0A>> Possible completions:=0A>>=A0 <range>=A0 =A0 =
=A0 =A0 =A0 =A0 =A0 Range of values=0A>>=A0 [=A0 =A0 =A0 =A0 =A0 =A0 =A0 =
=A0 =A0 =A0 Open a set of values=0A>>=A0 any=A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0=
=A0 Any IP option=0A>>=A0 loose-source-route=A0 Loose source route=0A>>=A0=
route-record=A0 =A0 =A0 =A0 Route record=0A>>=A0 router-alert=A0 =A0 =A0 =
=A0 Router alert=0A>>=A0 security=A0 =A0 =A0 =A0 =A0 =A0 Security=0A>>=A0 s=
tream-id=A0 =A0 =A0 =A0 =A0 =A0 Stream ID=0A>>=A0 strict-source-route=A0 St=
rict source route=0A>>=A0 timestamp=A0 =A0 =A0 =A0 =A0 =A0 Timestamp=0A>>=
=0A>> I can only think of:=0A>> - RSVP using router-alert=0A>> - ICMP using=
route-record, timestamp=0A>>=0A>> But I can not think of any other use of =
any other IP option.=0A>> Considering the security hazard that they imply, =
I am therefore thinking=0A>> to drop them.=0A>>=0A>> Is any other ip option=
s used by: ospf, isis, bgp, ldp, igmp, pim, bfd?=0A>> Thanks,=0A>> Luca.=0A=
>>=0A>>=0A>>=0A> =0A=0A__________________________________________________=
=0ADo You Yahoo!?=0ATired of spam? Yahoo! Mail has the best spam protectio=
n around =0Ahttp://mail.yahoo.com
